Windows Analysis Report
getscreen-456311346-x86.exe

Overview

General Information

Sample name:getscreen-456311346-x86.exe
Analysis ID:1503284
MD5:de8e90d5c46a3380029fb62d92744f41
SHA1:e915793ce37d0875714a0dc6f20da55124bc8f80
SHA256:d46919fddb23e71c0e711edcd9fb2974328c12dd71758aeaa17de02dac73d37b
Tags:exe
Infos:

Detection

Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:47
Range:0 - 100

Signatures

Modifies Internet Explorer zonemap settings
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to simulate mouse events
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: IE Change Domain Zone
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • getscreen-456311346-x86.exe (PID: 5104 cmdline: "C:\Users\user\Desktop\getscreen-456311346-x86.exe" MD5: DE8E90D5C46A3380029FB62D92744F41)
    • getscreen-456311346-x86.exe (PID: 3156 cmdline: "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -gpipe \\.\pipe\PCommand97bklgwatxqckevrc -gui MD5: DE8E90D5C46A3380029FB62D92744F41)
    • getscreen-456311346-x86.exe (PID: 7184 cmdline: "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -cpipe \\.\pipe\PCommand96wqtzgijhjvbbpwc -cmem 0000pipe0PCommand96wqtzgijhjvbbpwc02jg7o38si0vg44 -child MD5: DE8E90D5C46A3380029FB62D92744F41)
  • nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe (PID: 6128 cmdline: "C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe" -elevate \\.\pipe\elevateGS512nloywbvdyuzspalcelrqazdxtexsaor MD5: DE8E90D5C46A3380029FB62D92744F41)
  • svchost.exe (PID: 3164 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7596 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: frack113: Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\getscreen-456311346-x86.exe, ProcessId: 3156, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me\http
Source: Process started, Author: vburov: Data: Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, ProcessId: 3164, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F612F crypto_rsa_public_encrypt,0_2_013F612F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_014D2165 freerdp_assistance_encrypt_pass_stub,0_2_014D2165
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F590A crypto_cert_get_email,0_2_013F590A
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F6105 crypto_rsa_private_encrypt,0_2_013F6105
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5966 crypto_cert_get_public_key,0_2_013F5966
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5831 crypto_cert_free,0_2_013F5831
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F584E crypto_cert_get_dns_names,0_2_013F584E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,0_2_013F5B39
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5B24 crypto_cert_issuer,0_2_013F5B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_01407B24 crypto_base64_decode,0_2_01407B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_01407B3F crypto_base64_encode,0_2_01407B3F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5A65 crypto_cert_get_upn,0_2_013F5A65
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5A61 crypto_cert_get_signature_alg,0_2_013F5A61
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5ABB crypto_cert_hash,0_2_013F5ABB
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5D58 crypto_cert_read,0_2_013F5D58
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5DA5 crypto_cert_subject_common_name,0_2_013F5DA5
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5D97 crypto_cert_subject_alt_name,0_2_013F5D97
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5D82 crypto_cert_subject,0_2_013F5D82
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_0144E42E _DecryptMessage@16,InitOnceExecuteOnce,0_2_0144E42E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_0144E437 _EncryptMessage@16,InitOnceExecuteOnce,0_2_0144E437
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5732 crypto_cert_dns_names_free,0_2_013F5732
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,0_2_013F576E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_01403F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,0_2_01403F1C
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,0_2_013F5782
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,0_2_013F5E14
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_014D2620 freerdp_assistance_get_encrypted_pass_stub,0_2_014D2620
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F5ED1 crypto_reverse,0_2_013F5ED1
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F612F crypto_rsa_public_encrypt,1_2_013F612F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_014D2165 freerdp_assistance_encrypt_pass_stub,1_2_014D2165
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F590A crypto_cert_get_email,1_2_013F590A
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F6105 crypto_rsa_private_encrypt,1_2_013F6105
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5966 crypto_cert_get_public_key,1_2_013F5966
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5831 crypto_cert_free,1_2_013F5831
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F584E crypto_cert_get_dns_names,1_2_013F584E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,1_2_013F5B39
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5B24 crypto_cert_issuer,1_2_013F5B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_01407B24 crypto_base64_decode,1_2_01407B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_01407B3F crypto_base64_encode,1_2_01407B3F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5A65 crypto_cert_get_upn,1_2_013F5A65
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5A61 crypto_cert_get_signature_alg,1_2_013F5A61
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5ABB crypto_cert_hash,1_2_013F5ABB
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5D58 crypto_cert_read,1_2_013F5D58
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5DA5 crypto_cert_subject_common_name,1_2_013F5DA5
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5D97 crypto_cert_subject_alt_name,1_2_013F5D97
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5D82 crypto_cert_subject,1_2_013F5D82
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_0144E42E _DecryptMessage@16,InitOnceExecuteOnce,1_2_0144E42E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_0144E437 _EncryptMessage@16,InitOnceExecuteOnce,1_2_0144E437
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5732 crypto_cert_dns_names_free,1_2_013F5732
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,1_2_013F576E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_01403F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,1_2_01403F1C
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,1_2_013F5782
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,1_2_013F5E14
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_014D2620 freerdp_assistance_get_encrypted_pass_stub,1_2_014D2620
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_013F5ED1 crypto_reverse,1_2_013F5ED1
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0123612F crypto_rsa_public_encrypt,2_2_0123612F
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01236105 crypto_rsa_private_encrypt,2_2_01236105
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0123590A crypto_cert_get_email,2_2_0123590A
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235966 crypto_cert_get_public_key,2_2_01235966
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01312165 freerdp_assistance_encrypt_pass_stub,2_2_01312165
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235831 crypto_cert_free,2_2_01235831
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0123584E crypto_cert_get_dns_names,2_2_0123584E
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01247B24 crypto_base64_decode,2_2_01247B24
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235B24 crypto_cert_issuer,2_2_01235B24
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,2_2_01235B39
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01247B3F crypto_base64_encode,2_2_01247B3F
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235A61 crypto_cert_get_signature_alg,2_2_01235A61
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235A65 crypto_cert_get_upn,2_2_01235A65
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235ABB crypto_cert_hash,2_2_01235ABB
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235D58 crypto_cert_read,2_2_01235D58
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235DA5 crypto_cert_subject_common_name,2_2_01235DA5
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235D82 crypto_cert_subject,2_2_01235D82
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235D97 crypto_cert_subject_alt_name,2_2_01235D97
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0128E42E _DecryptMessage@16,InitOnceExecuteOnce,2_2_0128E42E
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0128E437 _EncryptMessage@16,InitOnceExecuteOnce,2_2_0128E437
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235732 crypto_cert_dns_names_free,2_2_01235732
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01243F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,2_2_01243F1C
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_0123576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,2_2_0123576E
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,2_2_01235782
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01312620 freerdp_assistance_get_encrypted_pass_stub,2_2_01312620
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,2_2_01235E14
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_01235ED1 crypto_reverse,2_2_01235ED1
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F612F crypto_rsa_public_encrypt,4_2_013F612F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_014D2165 freerdp_assistance_encrypt_pass_stub,4_2_014D2165
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F590A crypto_cert_get_email,4_2_013F590A
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F6105 crypto_rsa_private_encrypt,4_2_013F6105
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5966 crypto_cert_get_public_key,4_2_013F5966
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5831 crypto_cert_free,4_2_013F5831
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F584E crypto_cert_get_dns_names,4_2_013F584E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,4_2_013F5B39
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5B24 crypto_cert_issuer,4_2_013F5B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_01407B24 crypto_base64_decode,4_2_01407B24
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_01407B3F crypto_base64_encode,4_2_01407B3F
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5A65 crypto_cert_get_upn,4_2_013F5A65
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5A61 crypto_cert_get_signature_alg,4_2_013F5A61
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5ABB crypto_cert_hash,4_2_013F5ABB
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5D58 crypto_cert_read,4_2_013F5D58
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5DA5 crypto_cert_subject_common_name,4_2_013F5DA5
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5D97 crypto_cert_subject_alt_name,4_2_013F5D97
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5D82 crypto_cert_subject,4_2_013F5D82
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_0144E42E _DecryptMessage@16,InitOnceExecuteOnce,4_2_0144E42E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_0144E437 _EncryptMessage@16,InitOnceExecuteOnce,4_2_0144E437
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5732 crypto_cert_dns_names_free,4_2_013F5732
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,4_2_013F576E
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_01403F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,4_2_01403F1C
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,4_2_013F5782
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,4_2_013F5E14
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_014D2620 freerdp_assistance_get_encrypted_pass_stub,4_2_014D2620
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_013F5ED1 crypto_reverse,4_2_013F5ED1
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-456311346-x86.exe
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-456311346-x86.exe

Compliance

Source: getscreen-456311346-x86.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: getscreen-456311346-x86.exeStatic PE information: certificate valid
Source: getscreen-456311346-x86.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp
Source: Joe Sandbox ViewIP Address: 78.47.165.25 78.47.165.25
Source: Joe Sandbox ViewIP Address: 51.89.95.37 51.89.95.37
Source: Joe Sandbox ViewIP Address: 5.75.168.191 5.75.168.191
Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /signal/agent HTTP/1.1 Host: getscreen.me Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Origin: https://getscreen.me Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
Source: global trafficDNS traffic detected: DNS query: getscreen.me
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://proxy.contoso.com:3128/
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000246A000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000246A000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000022AA000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000246A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://proxy.pcommand.com:3128
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4ZC
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4Z_
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://getscreen.me/agent-policy
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link
Source: getscreen-456311346-x86.exe, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknown Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51118
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52449
Source: unknownNetwork traffic detected: HTTP traffic on port 52109 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51111
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52442
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51112
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52440
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52441
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51115
Source: unknownNetwork traffic detected: HTTP traffic on port 52087 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52446
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51116
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52447
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52444
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52445
Source: unknownNetwork traffic detected: HTTP traffic on port 53014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52450
Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52351 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51128
Source: unknownNetwork traffic detected: HTTP traffic on port 51188 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52459
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51129
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52453
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52454
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52451
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52457
Source: unknownNetwork traffic detected: HTTP traffic on port 52363 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52458
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52455
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51125
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52456
Source: unknownNetwork traffic detected: HTTP traffic on port 50836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52460
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52461
Source: unknownNetwork traffic detected: HTTP traffic on port 53286 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51139
Source: unknownNetwork traffic detected: HTTP traffic on port 53026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51133
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52464
Source: unknownNetwork traffic detected: HTTP traffic on port 52694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51134
Source: unknownNetwork traffic detected: HTTP traffic on port 51242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52465
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52462
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52463
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52468
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51138
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52469
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51135
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52466
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52467
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52471
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52472
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52470
Source: unknownNetwork traffic detected: HTTP traffic on port 52099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51471 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53274 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50517 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53292 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53308 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50529 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51483 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51495 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50530 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51458 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51229 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52670 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53262 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53321 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50296 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51188
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51189
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51187
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51191
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51192
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51190
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51195
Source: unknownNetwork traffic detected: HTTP traffic on port 51994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50542 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51193
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51194
Source: unknownNetwork traffic detected: HTTP traffic on port 51741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51199
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51197
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51198
Source: unknownNetwork traffic detected: HTTP traffic on port 53250 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52669 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50554 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52399 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52134 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52657 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53249 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52255 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53327 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52116 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52141 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51020 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50601 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52243 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52279 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51490 -> 443
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E2B080
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E101A0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E589A0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E47300
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E4A30D
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E46657
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 0_2_00E09700
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 1_2_00E2B080
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 1_2_00E589A0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 1_2_00E4A30D
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe Code function: 2_2_00C6B080
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe Code function: 2_2_00C989A0
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe Code function: 2_2_00C8A30D
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 4_2_00E2B080
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 4_2_00E589A0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: 4_2_00E4A30D
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe Code function: String function: 0128E717 appears 101 times
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe Code function: String function: 01282354 appears 50 times
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: String function: 01442354 appears 154 times
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Code function: String function: 0144E717 appears 303 times
Source: getscreen-456311346-x86.exe Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: getscreen-456311346-x86.exe Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: getscreen-456311346-x86.exe Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: getscreen-456311346-x86.exe, 00000000.00000000.1646697614.0000000002533000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe, 00000000.00000002.4120692666.0000000002533000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe, 00000001.00000000.1649574320.0000000002533000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe, 00000001.00000002.4119301149.0000000002533000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe, 00000004.00000002.1831755822.0000000002533000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe, 00000004.00000000.1677736663.0000000002533000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-456311346-x86.exe
Source: getscreen-456311346-x86.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal54.phis.evad.winEXE@9/448@6/3
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe File created: C:\Users\user\AppData\Local\Getscreen.me
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\PCommandMutextTurbo96phqghum
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe File read: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Source: unknown Process created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe"
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Process created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -gpipe \\.\pipe\PCommand97bklgwatxqckevrc -gui
Source: unknown Process created: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe "C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe" -elevate \\.\pipe\elevateGS512nloywbvdyuzspalcelrqazdxtexsaor
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Process created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -cpipe \\.\pipe\PCommand96wqtzgijhjvbbpwc -cmem 0000pipe0PCommand96wqtzgijhjvbbpwc02jg7o38si0vg44 -child
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Process created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -gpipe \\.\pipe\PCommand97bklgwatxqckevrc -gui
Source: C:\Windows\System32\svchost.exe Process created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -cpipe \\.\pipe\PCommand96wqtzgijhjvbbpwc -cmem 0000pipe0PCommand96wqtzgijhjvbbpwc02jg7o38si0vg44 -child
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: msdmo.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: sas.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dsparse.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: mfwmaaec.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: audioses.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: windows.ui.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: inputhost.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: getscreen-456311346-x86.exeStatic PE information: certificate valid
Source: getscreen-456311346-x86.exeStatic file information: File size 3654448 > 1048576
Source: getscreen-456311346-x86.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x374e00
Source: getscreen-456311346-x86.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_025329E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_025329E0
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe.0.drStatic PE information: real checksum: 0x38a69d should be: 0x38379c
Source: getscreen-456311346-x86.exeStatic PE information: real checksum: 0x38a69d should be: 0x38379c
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeFile created: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_01457449 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_01457449
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BankLabel, DeviceLocator, DataWidth, Manufacturer, PartNumber, SerialNumber, Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Size FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, Manufacturer, MACAddress, Speed, InterfaceIndex, Index, GUID FROM Win32_NetworkAdapter WHERE PhysicalAdapter=TRUE
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT DHCPServer, DNSServerSearchOrder, IPAddress FROM Win32_NetworkAdapterConfiguration WHERE InterfaceIndex = 1
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, VolumeName, FileSystem, Size, FreeSpace FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption FROM Win32_SoundDevice
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 582Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 1096Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 445Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 396Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 483Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 601Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 9968Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWindow / User API: threadDelayed 933Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI coverage: 2.6 %
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI coverage: 1.2 %
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 2416Thread sleep count: 582 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 1188Thread sleep count: 1096 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 3736Thread sleep count: 445 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 5348Thread sleep count: 396 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 5480Thread sleep count: 483 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 5720Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 2656Thread sleep count: 601 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 5012Thread sleep count: 227 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe TID: 7220Thread sleep count: 933 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BIOSVersion, Name, ReleaseDate FROM Win32_BIOS
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model, Name, Domain, Workgroup FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeLast function: Thread delayed
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Hyper-V console (use port 2179, disable negotiation)
Source: getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMnet
Source: getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id=RT
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000002454000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: RAM slot #0RAM slot #0@VMware Virtual RAMVMW-4096MB00000001
Source: getscreen-456311346-x86.exe, 00000000.00000002.4123084665.0000000005A65000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: trdware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"RPXYOBZ4WU\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2260,\"RAMVirt\":2047,\"RAMVirtAvail\":1881,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"T7YBKB\",\"VideoRAM\"
Source: getscreen-456311346-x86.exe, 00000000.00000002.4121011889.0000000002708000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Console#0VMware Virtual RAMVMW-4096MB00000001
Source: getscreen-456311346-x86.exe, 00000000.00000002.4122124844.00000000048A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $VMware Virtual RAMl
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000002454000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware Virtual RAM
Source: getscreen-456311346-x86.exe, 00000000.00000002.4123084665.0000000005A65000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: {"CPU":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","CPUSpeed":2000,"CPUCores":4,"CPUCoresLogical":1,"CPUFamily":"Intel64 Family 6 Model 143 Stepping 8","BIOS":"RPXYOBZ4WU","BIOSVersion":"20221121","BIOSDate":"","RAMPhys":8191,"RAMPhysAvail":2260,"RAMVirt":2047,"RAMVirtAvail":1881,"RAMPageFile":8191,"RAMBanks":[{"Bank":"RAM slot #0","Locator":"RAM slot #0","DataWidth":64,"Manufacturer":"VMware Virtual RAM","PartNumber":"VMW-4096MB","SerialNumber":"00000001","Capacity":4096}],"VideoName":"T7YBKB","VideoRAM":1024,"VideoCards":[{"Name":"T7YBKB","RAM":1024,"Integrated":false}],"Locale":"0809","LocaleOemPage":"1252","LocaleCountry":"Switzerland","LocaleCurrency":"CHF","LocaleTimezone":60,"LocaleFormatTime":"HH:mm:ss","LocaleFormatDate":"dd\/MM\/yyyy","ComputerModel":"DaGUZpUa","ComputerDomain":"Y8eaU","ComputerWorkgroup":"WORKGROUP","ComputerName":"user-PC","ComputerIP":["192.168.2.4","fe80::29b9:a951:1791:4eb3"],"OSName":"Microsoft Windows 10 Pro","OSVersion":"10.0.19045","HDD":[{"Model":"XTLPYVMY SCSI Disk Device",
Source: getscreen-456311346-x86.exe, 00000000.00000002.4121011889.0000000002742000.00000004.00000020.00020000.00000000.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4120191563.0000000002B31000.00000004.00000020.00020000.00000000.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1658824758.000000000285E000.00000004.00000020.00020000.00000000.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1831899903.00000000029F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI call chain: ExitProcess graph end nodegraph_0-14189
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI call chain: ExitProcess graph end nodegraph_1-12965
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeAPI call chain: ExitProcess graph end nodegraph_2-12965
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeAPI call chain: ExitProcess graph end nodegraph_4-12965
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_014A61B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_014A61B5
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_025329E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_025329E0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_0149FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0149FCA9
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 1_2_0149FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0149FCA9
Source: C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exeCode function: 2_2_012DFCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_012DFCA9
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 4_2_0149FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0149FCA9
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exeCode function: 0_2_013F7321 freerdp_input_send_extended_mouse_event,0_2_013F7321
Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\Desktop\getscreen-456311346-x86.exe "C:\Users\user\Desktop\getscreen-456311346-x86.exe" -cpipe \\.\pipe\PCommand96wqtzgijhjvbbpwc -cmem 0000pipe0PCommand96wqtzgijhjvbbpwc02jg7o38si0vg44 -childJump to behavior
Source: nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_traywnd zC
Source: getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_trayw
nd z_
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Code function: 0_2_00E589A0 cpuid 0_2_00E589A0
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Code function: 0_2_0140E4DD rfx_context_new,GetVersionExA,GetNativeSystemInfo,RegOpenKeyExA,primitives_get,CreateThreadpool,rfx_context_set_pixel_format,0_2_0140E4DD

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\Desktop\getscreen-456311346-x86.exe
Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 631 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 731 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 53 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Browser Session Hijacking | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 53 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Modify Registry | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 133 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph] ID: 1503284, Sample: getscreen-456311346-x86.exe, Startdate: 03/09/2024, Architecture: WINDOWS, Score: 54

Source | Detection | Scanner | Label | Link
getscreen-456311346-x86.exe | 0% | ReversingLabs | |
getscreen-456311346-x86.exe | 1% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe | 0% | ReversingLabs | |
C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe | 1% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
getscreen.me | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | 0% | URL Reputation | safe |
https://%S/%S/agent/chat$.typeoutprocessData4Z_ | 0% | Avira URL Cloud | safe |
https://%S/%S/agent/chat$.typeoutprocessData4ZC | 0% | Avira URL Cloud | safe |
http://proxy.contoso.com:3128/ | 0% | Avira URL Cloud | safe |
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Avira URL Cloud | safe |
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 0% | Avira URL Cloud | safe |
https://getscreen.me/signal/agent | 0% | Avira URL Cloud | safe |
https://getscreen.me/agent-policy | 0% | Avira URL Cloud | safe |
http://proxy.pcommand.com:3128 | 0% | Avira URL Cloud | safe |
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Virustotal | | Browse
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 1% | Virustotal | | Browse
http://proxy.pcommand.com:3128 | 0% | Virustotal | | Browse
http://proxy.contoso.com:3128/ | 0% | Virustotal | | Browse
https://getscreen.me/agent-policy | 0% | Virustotal | | Browse
https://getscreen.me/signal/agent | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
getscreen.me | 5.75.168.191 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://getscreen.me/signal/agent | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://proxy.contoso.com:3128/ | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://%S/%S/agent/chat$.typeoutprocessData4Z_ | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://%S/%S/agent/chat$.typeoutprocessData4ZC | nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp | false | Avira URL Cloud: safe | unknown
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp | false | URL Reputation: safe | unknown
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://getscreen.me/agent-policy | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000156C000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000156C000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000156C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://proxy.pcommand.com:3128 | getscreen-456311346-x86.exe, 00000000.00000002.4104513912.000000000246A000.00000040.00000001.01000000.00000003.sdmp, getscreen-456311346-x86.exe, 00000001.00000002.4100600238.000000000246A000.00000040.00000001.01000000.00000003.sdmp, nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe, 00000002.00000002.1657553180.00000000022AA000.00000040.00000001.01000000.00000006.sdmp, getscreen-456311346-x86.exe, 00000004.00000002.1830413881.000000000246A000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
78.47.165.25 | unknown | Germany | | 24940 | HETZNER-ASDE | false
51.89.95.37 | unknown | France | | 16276 | OVHFR | false
5.75.168.191 | getscreen.me | Germany | | 24940 | HETZNER-ASDE | true

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1503284
Start date and time:2024-09-03 10:00:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 28s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:getscreen-456311346-x86.exe
Detection:MAL
Classification:mal54.phis.evad.winEXE@9/448@6/3
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report creation exceeded maximum time and may have missing disassembly code information.
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.

Time | Type | Description
04:01:00 | API Interceptor | 10192503x Sleep call for process: getscreen-456311346-x86.exe modified

Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
File Type:data
Category:dropped
Size (bytes):64
Entropy (8bit):5.84375
Encrypted:false
SSDEEP:3:BvmbL2JfG3bIOM+C8uzP:qCfG3bRJuj
MD5:7DE1406B9FAB0BD4C539B99BB92E8F3F
SHA1:4CF2074BF086B3231E3492FE11F2D82E0D4119BC
SHA-256:DDF0876CE22BC27B03F38A180D3AD104BEF9E07428D366ADE046D4B499DF88FA
SHA-512:A98585C3BEFB4467C39B50F2C397553E3245EB128F7BAFC761FCFEAD63B21C87800EA65B06698F8CE759EAB3BFCF65CD4EDEB7730D3BF408AD7D184E05956F73
Malicious:false
Reputation:low
Preview:...J.+.q....:.OTV..$....l...7......,.6.<.....2.@\.%.+.#.K.jK..

Process:C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):48394
Entropy (8bit):5.053539574168324
Encrypted:false
SSDEEP:384:M9Pp2AQbX+85t+VUwLcGHuJ35RUDLrLmgmWSiwA3lPYDO:M9Pp2X+85t+VUmZ4bO
MD5:0F2A78373938ACDEA28FCCE09200436D
SHA1:3026265929E4FD6B3F811027548DE12C91108F9A
SHA-256:A61B441A11FC822E3D373F9234DE8CE68BCE35DD0D418E173B177E5D82BFC216
SHA-512:704E223E7B99D2E98835CE04F1874BA430EF3D05C0DFF9562DBD9ED8FAF0600210955370787B3113A9E97576F9B50596F8F715567DC8909803AB6AF4ECE09F80
Malicious:false
Reputation:low
Preview:09:31:16.231.INFO.GuiSessionList created new gui session for: 1, is active: false..09:31:16.232.INFO.Server start server run....09:31:16.232.INFO.Start Getscreen.me v 2.21.3 build 2 revision 0..09:31:16.350.INFO.GUI GUI started..09:31:16.474.INFO.CGuiSessionList m_active is null..09:31:16.654.INFO.CConfigStore Loaded config from `C:\ProgramData\Getscreen.me\folder\settings.dat`..09:31:16.655.ERROR.Service service 'GetscreenSV' not found..09:31:16.743.INFO.Service service 'GetscreenSV' installed..09:31:17.010.INFO.Service service 'GetscreenSV' start success..09:31:17.018.INFO.Service get control message 1..09:31:17.026.INFO.FrameMark hide frame..09:31:17.597.INFO.Service service 'GetscreenSV' stop [0] (87)..09:31:18.137.INFO.Service service 'GetscreenSV' removed..09:31:18.149.INFO.Child success get system token..09:31:18.153.INFO.Child start child process simply..09:31:18.153.INF

Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):71069
Entropy (8bit):5.01290987904326
Encrypted:false
SSDEEP:384:Loe0HB66/HC00jyH12FA3NPoAHbGtjJQUkIAYOpng:Loe0HBZHC04yH12m70QUkIX1
MD5:FA74489E5CDADE4508A1EBA49986902C
SHA1:F0BE38814E5EC86D74A8F10F462004F09AB2B024
SHA-256:9FADD9D79E7C9C685279CD2C087BAC48BDAF8242B82A4132A905469F75066B08
SHA-512:40DF48F7F98AE1E5B76E95391D74E5EFFB3DED4A7E7EB4B6293866F623130DEBA56A52A9B68F5C7C892FD6E1EFEA5536A86E0916C86AB0BE9F4CC6EB65A52802
Malicious:false
Reputation:low
Preview:22:03:41.206.INFO.Signaling force websocket stop..22:05:46.980.INFO.Signaling force websocket stop..22:05:56.071.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:06:19.342.INFO.Socket connected to getscreen.me:443..22:08:01.267.INFO.Signaling force websocket stop..22:08:01.268.ERROR.Socket unable to read..22:08:01.268.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:08:01.268.ERROR.WebSocket connection error getscreen.me/signal/agent..22:10:07.026.INFO.Signaling force websocket stop..22:12:12.784.INFO.Signaling force websocket stop..22:13:53.725.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:14:53.724.INFO.Signaling force websocket stop..22:15:30.929.INFO.Socket connected to getscreen.me:443..22:16:59.485.INFO.Signaling force websocket stop..22:16:59.486.ERROR.Socket unable to read..22:16:

Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):18499
Entropy (8bit):5.022872894071499
Encrypted:false
SSDEEP:192:YfJJe+dcrjt8ZutLEfaXqPD3XRON3T4a+SMpMG1Da5ara5XPbCUOR6IHw/SmZfCH:HJcleoJ0TE
MD5:FB928813A8AACAB5E1C4DF654E0D0F6C
SHA1:AEC16A43068B4CB4594145286C1440A04BB53F15
SHA-256:EF52CB6A36AD1510C7B200CCB8EDDBBCF08BEBCEBBC81C42E6C8E0860C49A6A3
                                                        SHA-512:51D32E9DE5111C914EBAFA7CED9C0767B6E95C820E8ED4C980F51C96C03DC603EB729985116483536EDAC5D67F0E2D537E9C14794DD876D4782C2F91BD747D05
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:13:27:42.477.INFO.Signaling force websocket stop..13:28:42.284.ERROR.Socket unable to read..13:28:42.284.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:28:42.284.ERROR.WebSocket connection error getscreen.me/signal/agent..13:30:48.055.INFO.Signaling force websocket stop..13:32:53.815.INFO.Signaling force websocket stop..13:34:19.450.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:34:46.794.INFO.Socket connected to getscreen.me:443..13:36:24.844.INFO.Signaling force websocket stop..13:36:24.845.ERROR.Socket unable to read..13:36:24.845.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:36:33.953.ERROR.WebSocket connection error getscreen.me/signal/agent..13:38:30.609.INFO.Signaling force websocket stop..13:40:36.370.INFO.Signaling force websocket stop..13:41:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):46345
                                                        Entropy (8bit):5.010717627035398
                                                        Encrypted:false
                                                        SSDEEP:192:JmDsuNpjOTz2iQntl0BAikN4KUUMalKlZtY7bis6Xlirvguz71iVj5BTTq4vzCek:Y1TuRvyX/doWIBebLyprVb+MUaekm
                                                        MD5:A5A484AB34FDFD84047CD0EA5F4DA16A
                                                        SHA1:616457443E4ACE7E0971AB3D0EB667A2583649B2
                                                        SHA-256:E0D37CD3240FFF9FF4832AD211638943A0D83A891752D8AE44909BD97EF5B226
                                                        SHA-512:3C7B485AD73C07A624685D4652A6A25501CDF5A02B1E2FC3EBB25AEE3EF8D148317A1013064AE231881BF4079AAB62FED5E9C6FA09E8BA4B2D9E4A970F79CF81
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:20:54:35.977.INFO.Signaling force websocket stop..20:54:35.991.ERROR.Socket unable to read..20:54:35.991.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:54:35.991.ERROR.WebSocket connection error getscreen.me/signal/agent..20:56:41.755.INFO.Signaling force websocket stop..20:58:47.523.INFO.Signaling force websocket stop..21:00:23.813.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:01:47.655.INFO.Socket connected to getscreen.me:443..21:02:27.766.INFO.Signaling force websocket stop..21:02:27.766.ERROR.Socket unable to read..21:02:27.766.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:02:42.106.ERROR.WebSocket connection error getscreen.me/signal/agent..21:04:33.531.INFO.Signaling force websocket stop..21:06:39.291.INFO.Signaling force websocket stop..21:08:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):16976
                                                        Entropy (8bit):5.01209766698886
                                                        Encrypted:false
                                                        SSDEEP:192:1xkVR+8dfC3Yaxt4jXBWh7/Qx1ldbYwfysVWBFnn6Bw9Wbj0IVkSeSsHYE1TFpDL:shVRWh7l6D0
                                                        MD5:37D32E618841A566EB27867CD8DED67F
                                                        SHA1:DFFEB4E6D84E4F3838AEA998289D9F143FE339F6
                                                        SHA-256:D8598AA2144C0C0BF006E976CC5A7C976FBB6C50B7226033B7B6EF437CBD6742
                                                        SHA-512:597D38AD9B5C7E39DE22138413D930D413AEE3D81360988DFC1D4B8C94F3994A0CE13F447725F43D9F4ECFFDA19CAE4113C136FA1DC9AD67F24116FE711CC171
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:10:04:21.795.INFO.Signaling force websocket stop..10:06:03.923.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:06:08.984.INFO.Socket connected to getscreen.me:443..10:08:09.899.INFO.Signaling force websocket stop..10:08:09.899.ERROR.Socket unable to read..10:08:09.900.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:08:09.900.ERROR.WebSocket connection error getscreen.me/signal/agent..10:10:15.661.INFO.Signaling force websocket stop..10:12:21.420.INFO.Signaling force websocket stop..10:13:30.775.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:14:43.764.INFO.Socket connected to getscreen.me:443..10:15:34.726.INFO.Signaling force websocket stop..10:15:34.726.ERROR.Socket unable to read..10:15:34.726.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):44521
                                                        Entropy (8bit):5.015233667510592
                                                        Encrypted:false
                                                        SSDEEP:384:W5HCMTJnyxDDXZYhoXF0NehO8aMaI6sepBMmVrg6c:OTJn7hoXF0UhO8aMaIrepBMmVrg6c
                                                        MD5:AE9AD8A0C09F9802CBB3E3E919DDE897
                                                        SHA1:813EE331567293EC7CBF1FE5E1F1C5A746C19490
                                                        SHA-256:EBADE3E70A2980FDE6CC355D1E28EF35CBD6E708DBF2944640167134FA25CF8B
                                                        SHA-512:609A60569176E775CA7494A92FDA795579C8750C7FD71418FDC46DD692FB03BF9687A11621A434D7493142632B85FC349B1EA1087E209F945D90EE0B3F01E5DF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:17:15:43.416.INFO.Signaling force websocket stop..17:15:43.419.INFO.Socket connected to getscreen.me:443..17:15:45.755.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:15:45.755.ERROR.WebSocket connection error getscreen.me/signal/agent..17:17:49.189.INFO.Signaling force websocket stop..17:19:54.949.INFO.Signaling force websocket stop..17:22:00.708.INFO.Signaling force websocket stop..17:22:11.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:22:31.140.INFO.Socket connected to getscreen.me:443..17:24:17.133.INFO.Signaling force websocket stop..17:24:17.133.ERROR.Socket unable to read..17:24:17.134.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:24:17.134.ERROR.WebSocket connection error getscreen.me/signal/agent..17:26:22.900.INFO.Signaling force websocke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4971
                                                        Entropy (8bit):4.998860590446572
                                                        Encrypted:false
                                                        SSDEEP:48:yBvKKNPArhrRDprCQUMDe7gFDsYtcc+6DCxFI2DIEvt9lIdDMzvgaGDWcu+LCDr0:8vdQi7TYtcBxSEVBbNV+UctRzSUQW
                                                        MD5:E132350385BB18FAB47AAA848B3E1EF3
                                                        SHA1:1601CBAE038FB9EBA79ECD0561CFE5F690C89C97
                                                        SHA-256:1BC54223153D3298D7514AC011CCC79C1A5A7291AC6B94053851A8962F9845F0
                                                        SHA-512:FBE4F9C4B1965C0B0D54E68F1809FC8D026423EC68A08ED362AF0E1F95B0D7D85F80A485F54767696AF71006FAE3D49F2F0704511251649DF8B46F2977A6E9CF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:02:53:40.332.INFO.Signaling force websocket stop..02:54:02.812.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:54:10.200.INFO.Socket connected to getscreen.me:443..02:56:07.439.INFO.Signaling force websocket stop..02:56:07.440.ERROR.Socket unable to read..02:56:07.440.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:56:07.440.ERROR.WebSocket connection error getscreen.me/signal/agent..02:58:13.210.INFO.Signaling force websocket stop..02:59:13.073.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:59:23.174.INFO.Socket connected to getscreen.me:443..03:01:18.669.INFO.Signaling force websocket stop..03:01:18.670.ERROR.Socket unable to read..03:01:18.670.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:01:18.670.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):180150
                                                        Entropy (8bit):5.019482101726404
                                                        Encrypted:false
                                                        SSDEEP:1536:VV9UjmrVNwV+tgmYtJ/RiwO3Z2sWNftBst63xY:VPq6VNwV+tgmY07WNy63a
                                                        MD5:C049ED4DF0BB0FA82849668504FB729E
                                                        SHA1:7D70806EC110FEC1CCD4FB944CD8BE977EC3AA50
                                                        SHA-256:961241B246EBDC32C3B1B4702EB3EB3E428266EC121986E1098ED1592785E951
                                                        SHA-512:59AF1462FFE35A8ACCE164DFF91D4AE98DF43CC4AB2D3689B68FE0022CCC9AD2494B04ACF1180A95EF0A206FA2B994882EFD97CD74FC4EC028813B4992581A33
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:07:08:07.770.INFO.Signaling force websocket stop..07:11:13.340.INFO.Signaling force websocket stop..07:12:24.444.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:13:18.132.INFO.Socket connected to getscreen.me:443..07:14:29.440.INFO.Signaling force websocket stop..07:14:29.440.ERROR.Socket unable to read..07:14:29.440.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:14:29.534.ERROR.WebSocket connection error getscreen.me/signal/agent..07:16:35.197.INFO.Signaling force websocket stop..07:18:40.958.INFO.Signaling force websocket stop..07:20:46.715.INFO.Signaling force websocket stop..07:21:36.887.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:23:41.502.INFO.Signaling force websocket stop..07:23:41.502.ERROR.Socket failed connect to getscreen.me:443..07:23:41.889.ERROR.WebSocket connection error
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):16268
                                                        Entropy (8bit):5.009084472287172
                                                        Encrypted:false
                                                        SSDEEP:192:46DxZN1Fj7bIpmbuxH9d2HtWQDLw+F6hjSQMiaMQkwHlg8QJkMikgBkc2kJAk2Zx:7lPo3Ad2wmoIX
                                                        MD5:54EEB0FCF240B036E4D52F46F65D5B87
                                                        SHA1:8BDF9AD89528E3F35B77BD5A5AB776AE09D33E6A
                                                        SHA-256:423587EA06727DF24B5E7601880F9B1A164550803808BBCFC4289F749F1BF130
                                                        SHA-512:AA2605ED31DA4F417C0A45F5D81D4B608D3FB35BBBFD7DDBE79560FCB3C303BD888669B97487830565143337CBAAFBB237EE024C8CBE4A1F254BA543B2381364
                                                        Malicious:false
                                                        Preview:22:23:23.856.INFO.Signaling force websocket stop..22:24:23.665.ERROR.Socket unable to read..22:24:23.665.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:24:23.665.ERROR.WebSocket connection error getscreen.me/signal/agent..22:26:29.441.INFO.Signaling force websocket stop..22:28:35.199.INFO.Signaling force websocket stop..22:30:14.008.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:30:35.736.INFO.Socket connected to getscreen.me:443..22:32:19.017.INFO.Signaling force websocket stop..22:32:19.017.ERROR.Socket unable to read..22:32:19.017.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:32:24.830.ERROR.WebSocket connection error getscreen.me/signal/agent..22:34:24.784.INFO.Signaling force websocket stop..22:36:30.543.INFO.Signaling force websocket stop..22:38:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):61517
                                                        Entropy (8bit):5.019957034704957
                                                        Encrypted:false
                                                        SSDEEP:384:YcD31icDhAGrsI5Zd5HSuYC5k2gwGgxV3gYCKZNma7s:YcD31pDhAGR5ZHYCOygYCKZ7s
                                                        MD5:77E4EA678E9057050AE165AA4F28CFF5
                                                        SHA1:97B3A2E8241253BBC4DA2782FF167E9C8880B8CB
                                                        SHA-256:7251C7AAB2C553B4BC383B64CC058C554F2AB3BDC4F8B002DECDDA04945802AB
                                                        SHA-512:A059654A177D07E231E02F10EB1B28BEB27F2308DF25D5210CAAE96041DE14165811C7FDA4052FEB8CCFE885F2909180A698837929433D2B4B9C9F964168D269
                                                        Malicious:false
                                                        Preview:05:12:36.090.INFO.Signaling force websocket stop..05:12:36.091.INFO.Socket connected to getscreen.me:443..05:13:35.930.ERROR.Socket unable to read..05:13:35.930.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:13:35.930.ERROR.WebSocket connection error getscreen.me/signal/agent..05:15:41.713.INFO.Signaling force websocket stop..05:17:11.028.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:17:11.252.INFO.Socket connected to getscreen.me:443..05:19:17.017.INFO.Signaling force websocket stop..05:19:17.017.ERROR.Socket unable to read..05:19:17.002.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:19:17.028.ERROR.WebSocket connection error getscreen.me/signal/agent..05:21:22.817.INFO.Signaling force websocket stop..05:23:28.576.INFO.Signaling force websocket sto
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2092
                                                        Entropy (8bit):5.010321798514123
                                                        Encrypted:false
                                                        SSDEEP:48:SAkD+bftYAYGfOyGGI5bJvRDFbxH31Dxbn:775Yntz51rdHfb
                                                        MD5:D90A15336941FE638677B9AD3F1D182A
                                                        SHA1:AC385928BD6D7C66465B7ABDD750F564AAC3BEB5
                                                        SHA-256:FDA23768564EA4125135A26DA156FCC2D24512C0C96B099E06E7C889AFF76201
                                                        SHA-512:6C32322B5284CCF8C47FBA7AA76E64CF83BC5457E84B53F76EDF5E55C19634EF14E028FFA2F062405DFAB23163E164967FB8F4F44A82208AE81FA2DD470ABC11
                                                        Malicious:false
                                                        Preview:21:38:21.128.INFO.Socket connected to getscreen.me:443..21:39:28.367.INFO.Signaling force websocket stop..21:39:28.395.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:39:28.395.ERROR.WebSocket connection error getscreen.me/signal/agent..21:41:34.168.INFO.Signaling force websocket stop..21:43:39.926.INFO.Signaling force websocket stop..21:45:45.683.INFO.Signaling force websocket stop..21:45:59.232.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:48:03.186.INFO.Signaling force websocket stop..21:48:03.186.ERROR.Socket failed connect to getscreen.me:443..21:48:03.767.ERROR.WebSocket connection error getscreen.me/signal/agent..21:50:08.944.INFO.Signaling force websocket stop..21:52:14.707.INFO.Signaling force websocket stop..21:54:20.464.INFO.Signaling force websocket stop..21:55:51.334.INFO.Signaling start connection
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):48350
                                                        Entropy (8bit):5.007922452834146
                                                        Encrypted:false
                                                        SSDEEP:192:1fk+gke8k8TQkl/Sk5h/8d2zvbck+5fv4VA+vuAGiyeUdYyXfTgp5miNvDdRVJ9U:aIQarnMbkIA/CtNfG+v0sijE+WxXkvG
                                                        MD5:86D8503E3DBA0E4A4BF6E2730838F673
                                                        SHA1:B065697695D48265344234E8AD6363BDFAEB16E8
                                                        SHA-256:3F87CA7A873FEB52283D1C20E296FF92E12C88E38080A3ABC882CFEC87F7FD19
                                                        SHA-512:A3039C18B8A6744C16DFADA11B26EB677D5857DD330D3A390033F36DBBA9D55B0C5D275F8D4909409338FDE3A676C91C964FD38C08EE95BAE91A3280A67EB375
                                                        Malicious:false
                                                        Preview:01:23:33.081.INFO.Signaling force websocket stop..01:25:38.852.INFO.Signaling force websocket stop..01:26:00.561.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:26:58.982.INFO.Socket connected to getscreen.me:443..01:28:05.933.INFO.Signaling force websocket stop..01:28:05.934.ERROR.Socket unable to read..01:28:05.934.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:28:05.934.ERROR.WebSocket connection error getscreen.me/signal/agent..01:31:05.288.INFO.Signaling force websocket stop..01:33:11.047.INFO.Signaling force websocket stop..01:35:16.804.INFO.Signaling force websocket stop..01:35:21.247.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:35:34.254.INFO.Socket connected to getscreen.me:443..01:37:26.838.INFO.Signaling force websocket stop..01:37:26.838.ERROR.Socket unable to read..01:37:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):103377
                                                        Entropy (8bit):5.0175437730619645
                                                        Encrypted:false
                                                        SSDEEP:768:Eaegfm8Lc8kbpS0nqkR5SUJ1ulBYKgJ3pWD:Fesc84pS0nT5vpZpWD
                                                        MD5:D41FBC0AF0BE02C9BC4E12A0242B0400
                                                        SHA1:48600A98A61EFF82ED54FABB2059882C4A3C71C2
                                                        SHA-256:C906287F6755955C83BDEC11977B348B36C51523B67CFA340656A4F62FECE9CA
                                                        SHA-512:7A866969077435B69AF70403348208258A73AD683F7A46F2ED18332F139CE8421C0F46BFA9228D1B5079D97B761828BB8B514E5D9D7240FB1CA87EED185A7B55
                                                        Malicious:false
                                                        Preview:11:48:26.841.INFO.Signaling force websocket stop..11:49:26.647.ERROR.Socket unable to read..11:49:26.647.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:49:26.647.ERROR.WebSocket connection error getscreen.me/signal/agent..11:50:58.145.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:50:58.369.INFO.Socket connected to getscreen.me:443..11:53:04.158.INFO.Signaling force websocket stop..11:53:04.159.ERROR.Socket unable to read..11:53:04.159.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:53:04.159.ERROR.WebSocket connection error getscreen.me/signal/agent..11:55:09.946.INFO.Signaling force websocket stop..11:55:43.848.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:55:44.076.INFO.Socket connected to getscreen.me:443..11:57:49.859.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):75379
                                                        Entropy (8bit):5.017891048436084
                                                        Encrypted:false
                                                        SSDEEP:768:oqxo61M9ZqSLTtW5y5gh+wcUCByIeJi+3KsJ+2Cg:oqxo618BW5ypWJl
                                                        MD5:12603A8E509E0299879F6EF83B181AEE
                                                        SHA1:C995685CECBD8E7D7EB75479F81A83C33DD484ED
                                                        SHA-256:C9DF95BC0D42A4C6DBBF965AB5BB31458CA4DEF00FA13C4F035CAD66CB913344
                                                        SHA-512:15BC87858F89DEDBFD6A00D9194B02C4DE18BB66F69674F10A6A2C03A59C7A7543F9C2706A7CBBE93E2634B32EF0B8D7CC2C43E0D95C209FAB628D83F4B2666A
                                                        Malicious:false
                                                        Preview:14:09:16.869.INFO.Signaling force websocket stop..14:10:16.664.INFO.Socket connected to getscreen.me:443..14:10:19.984.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:10:20.952.ERROR.WebSocket connection error getscreen.me/signal/agent..14:12:22.457.INFO.Signaling force websocket stop..14:14:28.213.INFO.Signaling force websocket stop..14:15:17.826.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:17:23.003.INFO.Signaling force websocket stop..14:17:23.004.ERROR.Socket failed connect to getscreen.me:443..14:17:23.391.ERROR.WebSocket connection error getscreen.me/signal/agent..14:19:28.761.INFO.Signaling force websocket stop..14:21:34.527.INFO.Signaling force websocket stop..14:23:40.284.INFO.Signaling force websocket stop..14:24:44.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:25:37.139.INFO.Socke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):72202
                                                        Entropy (8bit):5.021254301904805
                                                        Encrypted:false
                                                        SSDEEP:768:XZEO0OXNGr7cy7jmiK5iyr1pSCCRerRHn:XlNGr7cy7jmiK5iyr1pSCGerRHn
                                                        MD5:48AF9DEBB3D58C99F3A16C6E2AF972FF
                                                        SHA1:B29453475647F4EAA41376904B2115FB9A2D899A
                                                        SHA-256:F686FC0C55A3F350D9086A30BE7047BF19B7A23C43A1569C3354320C37A0615F
                                                        SHA-512:22110483B3279D600FE7E4ECEFFCAAD108F102DABF9925C73D6CD86E41C3FC8DF4CC797B4826D86BF0DED89CA56050D6F2CC7EA136E5CE49389F1BFB72399E87
                                                        Malicious:false
                                                        Preview:07:20:02.105.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:21:02.116.INFO.Signaling force websocket stop..07:21:31.031.INFO.Socket connected to getscreen.me:443..07:23:07.917.INFO.Signaling force websocket stop..07:23:07.917.ERROR.Socket unable to read..07:23:07.917.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:23:07.917.ERROR.WebSocket connection error getscreen.me/signal/agent..07:25:13.684.INFO.Signaling force websocket stop..07:27:19.444.INFO.Signaling force websocket stop..07:29:02.709.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:29:26.956.INFO.Socket connected to getscreen.me:443..07:31:07.525.INFO.Signaling force websocket stop..07:31:07.525.ERROR.Socket unable to read..07:31:07.525.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):101282
                                                        Entropy (8bit):5.018527758602936
                                                        Encrypted:false
                                                        SSDEEP:768:cbxFa5if5tMztlAkTMJG9AbDYzQ7NU+919P1l8D:EFcif5Gz4kKG9WkzQ7ez
                                                        MD5:94458A5FBB3B5F716E7DA93FEE59DC94
                                                        SHA1:9B7D118BA254B3F3730AF5156F70508248207D57
                                                        SHA-256:C6D4F22A43E88204303442308786FC9A98644E4464F94DC99050427DCF1609CD
                                                        SHA-512:C5E5F5DF8C322047C7702384AF173EE52D3CC889AEF92CA58FD8001F826CA58D4219E026811798BB16EE7CF38C7A94D877D55890672570742EA4DF616468255E
                                                        Malicious:false
                                                        Preview:03:18:11.927.INFO.Signaling force websocket stop..03:19:20.568.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:19:32.805.INFO.Socket connected to getscreen.me:443..03:21:25.969.INFO.Signaling force websocket stop..03:21:25.969.ERROR.Socket unable to read..03:21:25.969.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:21:26.164.ERROR.WebSocket connection error getscreen.me/signal/agent..03:23:31.741.INFO.Signaling force websocket stop..03:25:37.506.INFO.Signaling force websocket stop..03:25:37.490.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:26:37.815.INFO.Socket connected to getscreen.me:443..03:27:41.489.INFO.Signaling force websocket stop..03:27:41.490.ERROR.Socket unable to read..03:27:41.490.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):214972
                                                        Entropy (8bit):5.017258746516169
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:49:18.529.INFO.Signaling force websocket stop..02:49:18.519.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:49:18.600.INFO.Socket connected to getscreen.me:443..02:51:24.440.INFO.Signaling force websocket stop..02:51:24.440.ERROR.Socket unable to read..02:51:24.440.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:51:24.441.ERROR.WebSocket connection error getscreen.me/signal/agent..02:53:30.203.INFO.Signaling force websocket stop..02:55:35.982.INFO.Signaling force websocket stop..02:56:33.326.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:57:33.347.INFO.Socket connected to getscreen.me:443..02:58:37.297.INFO.Signaling force websocket stop..02:58:37.297.ERROR.Socket unable to read..02:58:37.297.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):12645
                                                        Entropy (8bit):5.003100456004004
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:24:03.767.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:24:26.869.INFO.Signaling force websocket stop..01:24:26.949.INFO.Socket connected to getscreen.me:443..01:26:32.766.INFO.Signaling force websocket stop..01:26:32.767.ERROR.Socket unable to read..01:26:32.767.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:26:32.767.ERROR.WebSocket connection error getscreen.me/signal/agent..01:28:38.528.INFO.Signaling force websocket stop..01:31:13.861.INFO.Signaling force websocket stop..01:33:19.620.INFO.Signaling force websocket stop..01:35:25.378.INFO.Signaling force websocket stop..01:35:27.496.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:35:41.867.INFO.Socket connected to getscreen.me:443..01:37:33.287.INFO.Signaling force websocket stop..01:37:33.288.ERROR.Socket unable to read..01:37:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3028
                                                        Entropy (8bit):5.013917921828463
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:17:26.314.INFO.Signaling force websocket stop..07:18:26.118.INFO.Socket connected to getscreen.me:443..07:18:28.740.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:18:30.002.ERROR.WebSocket connection error getscreen.me/signal/agent..07:20:31.899.INFO.Signaling force websocket stop..07:22:37.659.INFO.Signaling force websocket stop..07:24:37.008.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:25:05.524.INFO.Socket connected to getscreen.me:443..07:26:42.797.INFO.Signaling force websocket stop..07:26:42.797.ERROR.Socket unable to read..07:26:42.797.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:26:52.487.ERROR.WebSocket connection error getscreen.me/signal/agent..07:28:48.568.INFO.Signaling force websocket stop..07:30:54.327.INFO.Signaling force websocke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):103030
                                                        Entropy (8bit):5.018851794102652
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:15:21.516.INFO.Signaling force websocket stop..11:15:21.528.INFO.Socket connected to getscreen.me:443..11:15:23.084.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:15:24.246.ERROR.WebSocket connection error getscreen.me/signal/agent..11:17:27.291.INFO.Signaling force websocket stop..11:19:33.060.INFO.Signaling force websocket stop..11:21:38.818.INFO.Signaling force websocket stop..11:23:22.083.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:23:28.510.INFO.Socket connected to getscreen.me:443..11:25:26.905.INFO.Signaling force websocket stop..11:25:26.905.ERROR.Socket unable to read..11:25:26.906.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:25:26.906.ERROR.WebSocket connection error getscreen.me/signal/agent..11:27:32.674.INFO.Signaling force websocke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):6922
                                                        Entropy (8bit):5.013979426867843
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:14:23.123.INFO.Signaling force websocket stop..13:15:22.925.INFO.Socket connected to getscreen.me:443..13:15:25.560.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:15:26.629.ERROR.WebSocket connection error getscreen.me/signal/agent..13:17:28.718.INFO.Signaling force websocket stop..13:19:34.477.INFO.Signaling force websocket stop..13:20:24.649.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:20:59.362.INFO.Socket connected to getscreen.me:443..13:22:29.274.INFO.Signaling force websocket stop..13:22:29.275.ERROR.Socket unable to read..13:22:29.275.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:22:38.090.ERROR.WebSocket connection error getscreen.me/signal/agent..13:24:35.048.INFO.Signaling force websocket stop..13:26:40.808.INFO.Signaling force websocke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):47407
                                                        Entropy (8bit):5.018903963645003
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:47:36.905.INFO.Signaling force websocket stop..14:48:36.888.ERROR.Socket unable to read..14:48:36.888.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:48:36.888.ERROR.WebSocket connection error getscreen.me/signal/agent..14:50:42.670.INFO.Signaling force websocket stop..14:52:48.434.INFO.Signaling force websocket stop..14:53:52.753.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:55:14.749.INFO.Socket connected to getscreen.me:443..14:55:58.154.INFO.Signaling force websocket stop..14:55:58.155.ERROR.Socket unable to read..14:55:58.156.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:56:03.583.ERROR.WebSocket connection error getscreen.me/signal/agent..14:58:03.931.INFO.Signaling force websocket stop..15:00:09.692.INFO.Signaling force websocket stop..15:00:
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):93085
                                                        Entropy (8bit):5.020011855788112
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:11:03.412.INFO.Signaling force websocket stop..04:11:03.472.INFO.Socket connected to getscreen.me:443..04:12:03.555.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:12:03.555.ERROR.WebSocket connection error getscreen.me/signal/agent..04:14:09.383.INFO.Signaling force websocket stop..04:15:29.397.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:16:43.753.INFO.Socket connected to getscreen.me:443..04:17:33.361.INFO.Signaling force websocket stop..04:17:33.361.ERROR.Socket unable to read..04:17:33.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:17:45.182.ERROR.WebSocket connection error getscreen.me/signal/agent..04:19:39.134.INFO.Signaling force websocket stop..04:21:44.895.INFO.Signaling force websocket stop..04:23:20.799.INFO.Signaling start connecti
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):17659
                                                        Entropy (8bit):5.005899746958835
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:27:05.528.INFO.Signaling force websocket stop..03:27:05.540.INFO.Socket connected to getscreen.me:443..03:27:08.858.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:27:09.053.ERROR.WebSocket connection error getscreen.me/signal/agent..03:29:11.335.INFO.Signaling force websocket stop..03:31:17.093.INFO.Signaling force websocket stop..03:31:56.802.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:32:57.206.INFO.Socket connected to getscreen.me:443..03:34:00.764.INFO.Signaling force websocket stop..03:34:00.764.ERROR.Socket unable to read..03:34:00.764.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:34:04.058.ERROR.WebSocket connection error getscreen.me/signal/agent..03:36:06.523.INFO.Signaling force websocket stop..03:38:12.297.INFO.Signaling force websocke
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):22233
                                                        Entropy (8bit):5.011817918467258
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:16:40.604.INFO.Signaling force websocket stop..07:16:40.612.ERROR.Socket unable to read..07:16:40.612.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:16:40.613.ERROR.WebSocket connection error getscreen.me/signal/agent..07:18:46.402.INFO.Signaling force websocket stop..07:19:48.207.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:19:59.868.INFO.Socket connected to getscreen.me:443..07:21:54.002.INFO.Signaling force websocket stop..07:21:54.002.ERROR.Socket unable to read..07:21:54.002.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:22:00.204.ERROR.WebSocket connection error getscreen.me/signal/agent..07:23:59.779.INFO.Signaling force websocket stop..07:25:46.924.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:27:00.512.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5365
                                                        Entropy (8bit):5.014012776542746
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:52:41.743.INFO.Signaling force websocket stop..14:53:41.639.ERROR.Socket unable to read..14:53:41.639.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:53:41.639.ERROR.WebSocket connection error getscreen.me/signal/agent..14:55:47.551.INFO.Signaling force websocket stop..14:57:53.313.INFO.Signaling force websocket stop..14:58:02.020.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:58:02.262.INFO.Socket connected to getscreen.me:443..15:00:07.665.INFO.Signaling force websocket stop..15:00:07.666.ERROR.Socket unable to read..15:00:07.666.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:00:14.256.ERROR.WebSocket connection error getscreen.me/signal/agent..15:02:02.398.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:02:06.910.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):127339
                                                        Entropy (8bit):5.018340430738038
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:08:08.673.INFO.Signaling force websocket stop..19:08:08.705.INFO.Socket connected to getscreen.me:443..19:08:11.426.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:08:11.620.ERROR.WebSocket connection error getscreen.me/signal/agent..19:11:01.297.INFO.Signaling force websocket stop..19:13:07.067.INFO.Signaling force websocket stop..19:13:15.967.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:13:20.458.INFO.Socket connected to getscreen.me:443..19:15:21.376.INFO.Signaling force websocket stop..19:15:21.376.ERROR.Socket unable to read..19:15:21.376.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:15:23.121.ERROR.WebSocket connection error getscreen.me/signal/agent..19:17:27.154.INFO.Signaling force websocket stop..19:19:09.065.INFO.Signaling start connecti
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):8856
                                                        Entropy (8bit):4.998927875257549
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:24:55.645.INFO.Signaling force websocket stop..02:24:55.710.ERROR.Socket unable to read..02:24:55.710.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:24:55.710.ERROR.WebSocket connection error getscreen.me/signal/agent..02:27:01.513.INFO.Signaling force websocket stop..02:27:09.638.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:27:13.945.INFO.Socket connected to getscreen.me:443..02:29:32.427.INFO.Signaling force websocket stop..02:29:32.427.ERROR.Socket unable to read..02:29:32.427.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:29:37.273.ERROR.WebSocket connection error getscreen.me/signal/agent..02:31:38.217.INFO.Signaling force websocket stop..02:33:43.979.INFO.Signaling force websocket stop..02:34:39.580.INFO.Signaling start connection to 'getscre
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3605
                                                        Entropy (8bit):4.994871264040825
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:34:06.032.ERROR.Socket unable to read..07:34:11.021.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:34:11.021.ERROR.WebSocket connection error getscreen.me/signal/agent..07:36:29.947.INFO.Signaling force websocket stop..07:38:43.248.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:38:54.378.INFO.Socket connected to getscreen.me:443..07:41:00.221.INFO.Signaling force websocket stop..07:44:30.897.ERROR.Socket unable to read..07:44:30.897.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:44:30.897.ERROR.WebSocket connection error getscreen.me/signal/agent..07:46:49.718.INFO.Signaling force websocket stop..07:48:16.322.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:48:29.204.INFO.Socket connected to getscreen.me:443..07:50:33.242.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:34:57.603.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.971409270506207
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:49:44.503.ERROR.Socket unable to read..14:49:47.353.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:49:47.363.ERROR.WebSocket connection error getscreen.me/signal/agent..14:52:06.191.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.9923867029306805
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:06:58.484.INFO.Signaling force websocket stop..18:07:00.876.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:07:14.769.INFO.Socket connected to getscreen.me:443..18:09:20.733.INFO.Signaling force websocket stop..18:09:21.304.ERROR.Socket unable to read..18:09:21.304.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:09:21.304.ERROR.WebSocket connection error getscreen.me/signal/agent..18:11:31.691.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):775
                                                        Entropy (8bit):4.950367386510006
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:26:04.183.INFO.Signaling force websocket stop..21:26:49.461.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:26:49.701.INFO.Socket connected to getscreen.me:443..21:29:08.221.INFO.Signaling force websocket stop..21:32:12.442.ERROR.Socket unable to read..21:32:12.492.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:32:12.492.ERROR.WebSocket connection error getscreen.me/signal/agent..21:34:31.246.INFO.Signaling force websocket stop..21:36:50.034.INFO.Signaling force websocket stop..21:37:02.349.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:37:18.203.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.941675667777414
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:52:27.305.INFO.Signaling force websocket stop..00:52:31.234.ERROR.Socket unable to read..00:52:31.284.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:52:31.478.ERROR.WebSocket connection error getscreen.me/signal/agent..00:54:27.350.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:54:39.325.INFO.Socket connected to getscreen.me:443..00:56:45.550.INFO.Signaling force websocket stop..00:56:46.012.ERROR.Socket unable to read..00:56:46.012.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:56:46.012.ERROR.WebSocket connection error getscreen.me/signal/agent..00:59:00.080.INFO.Signaling force websocket stop..01:01:04.403.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:01:15.302.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.986320115711632
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:17:12.727.INFO.Signaling force websocket stop..04:17:16.756.ERROR.Socket unable to read..04:17:16.786.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:17:16.796.ERROR.WebSocket connection error getscreen.me/signal/agent..04:19:35.508.INFO.Signaling force websocket stop..04:20:41.072.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:20:50.736.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.967166859309797
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:36:10.074.INFO.Signaling force websocket stop..07:36:13.341.ERROR.Socket unable to read..07:36:13.341.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:36:13.341.ERROR.WebSocket connection error getscreen.me/signal/agent..07:38:17.310.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:38:26.538.INFO.Socket connected to getscreen.me:443..07:41:01.977.INFO.Signaling force websocket stop..07:41:02.057.ERROR.Socket unable to read..07:41:02.058.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:41:02.058.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.957326559868534
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:56:00.559.INFO.Signaling force websocket stop..10:57:56.433.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:58:08.820.INFO.Socket connected to getscreen.me:443..11:00:13.282.INFO.Signaling force websocket stop..11:00:13.533.ERROR.Socket unable to read..11:00:13.573.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:00:13.573.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:16:59.290.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):148
                                                        Entropy (8bit):4.647622327639175
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:17:00.449.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:32:02.673.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2203
                                                        Entropy (8bit):4.985787977346565
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:46:40.918.INFO.Signaling force websocket stop..20:46:44.745.ERROR.Socket unable to read..20:46:44.785.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:46:44.785.ERROR.WebSocket connection error getscreen.me/signal/agent..20:48:46.615.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:49:46.843.INFO.Socket connected to getscreen.me:443..20:50:54.985.INFO.Signaling force websocket stop..20:50:54.986.ERROR.Socket unable to read..20:50:54.986.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:50:54.986.ERROR.WebSocket connection error getscreen.me/signal/agent..20:53:13.930.INFO.Signaling force websocket stop..20:53:36.907.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:53:43.367.INFO.Socket connected to getscreen.me:443..20:55:53.827.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.960717692068118
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:17:54.826.INFO.Signaling force websocket stop..00:18:21.542.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:18:29.031.INFO.Socket connected to getscreen.me:443..00:20:39.162.INFO.Signaling force websocket stop..00:20:39.488.ERROR.Socket unable to read..00:20:39.488.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:20:39.488.ERROR.WebSocket connection error getscreen.me/signal/agent..00:22:50.029.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1086
                                                        Entropy (8bit):4.987650182045857
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:39:11.170.INFO.Signaling force websocket stop..03:39:14.003.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:39:15.854.INFO.Socket connected to getscreen.me:443..03:41:32.735.INFO.Signaling force websocket stop..03:41:32.886.ERROR.Socket unable to read..03:41:32.936.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:41:32.936.ERROR.WebSocket connection error getscreen.me/signal/agent..03:43:51.843.INFO.Signaling force websocket stop..03:43:51.868.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:43:58.949.INFO.Socket connected to getscreen.me:443..03:46:10.692.INFO.Signaling force websocket stop..03:46:11.523.ERROR.Socket unable to read..03:46:11.554.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:46:11.554.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.975217019821366
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:04:18.759.INFO.Signaling force websocket stop..07:04:21.421.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:04:34.967.INFO.Socket connected to getscreen.me:443..07:06:40.864.INFO.Signaling force websocket stop..07:06:41.125.ERROR.Socket unable to read..07:06:41.165.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:06:41.165.ERROR.WebSocket connection error getscreen.me/signal/agent..07:09:00.053.INFO.Signaling force websocket stop..07:09:24.494.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:09:32.624.INFO.Socket connected to getscreen.me:443..07:11:42.334.INFO.Signaling force websocket stop..07:11:43.176.ERROR.Socket unable to read..07:11:43.206.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:11:43.206.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1545
                                                        Entropy (8bit):4.986469185159149
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:27:34.533.INFO.Signaling force websocket stop..10:28:28.700.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:29:40.030.INFO.Socket connected to getscreen.me:443..10:30:39.379.INFO.Signaling force websocket stop..10:30:39.690.ERROR.Socket unable to read..10:30:39.690.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:30:39.690.ERROR.WebSocket connection error getscreen.me/signal/agent..10:32:37.848.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:32:40.043.INFO.Socket connected to getscreen.me:443..10:34:55.983.INFO.Signaling force websocket stop..10:34:56.094.ERROR.Socket unable to read..10:34:56.115.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:34:56.115.ERROR.WebSocket connection error getscreen.me/signal/agent..10:37:14.864.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.786498970102188
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:58:10.197.INFO.Signaling force websocket stop..13:58:16.564.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:58:25.761.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1856
                                                        Entropy (8bit):5.019484671515562
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:13:47.461.INFO.Signaling force websocket stop..17:13:50.745.ERROR.Socket unable to read..17:13:50.745.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:13:50.745.ERROR.WebSocket connection error getscreen.me/signal/agent..17:16:09.476.INFO.Signaling force websocket stop..17:17:25.718.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:17:32.747.INFO.Socket connected to getscreen.me:443..17:19:43.204.INFO.Signaling force websocket stop..17:19:43.515.ERROR.Socket unable to read..17:19:43.515.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:19:46.041.ERROR.WebSocket connection error getscreen.me/signal/agent..17:22:22.917.INFO.Signaling force websocket stop..17:24:35.334.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:24:45.192.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.967369067705584
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:49:26.518.INFO.Signaling force websocket stop..20:50:54.579.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:52:32.926.INFO.Socket connected to getscreen.me:443..20:53:05.424.INFO.Signaling force websocket stop..20:53:12.013.ERROR.Socket unable to read..20:53:12.013.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:53:12.013.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):7154
                                                        Entropy (8bit):4.982211528793502
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:07:54.619.INFO.Signaling force websocket stop..00:09:23.580.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:09:33.429.INFO.Socket connected to getscreen.me:443..00:11:40.430.INFO.Signaling force websocket stop..00:11:40.471.ERROR.Socket unable to read..00:11:40.471.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:11:40.471.ERROR.WebSocket connection error getscreen.me/signal/agent..00:13:59.214.INFO.Signaling force websocket stop..00:15:04.833.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:15:11.040.INFO.Socket connected to getscreen.me:443..00:17:24.345.INFO.Signaling force websocket stop..00:17:27.800.ERROR.Socket unable to read..00:17:27.800.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:17:27.800.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1749
                                                        Entropy (8bit):4.963370639196144
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:42:06.979.INFO.Signaling force websocket stop..04:42:34.289.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:43:45.680.INFO.Socket connected to getscreen.me:443..04:44:44.924.INFO.Signaling force websocket stop..04:44:45.315.ERROR.Socket unable to read..04:44:45.346.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:45.346.ERROR.WebSocket connection error getscreen.me/signal/agent..04:47:03.909.INFO.Signaling force websocket stop..04:47:14.502.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:47:51.980.INFO.Socket connected to getscreen.me:443..04:49:32.099.INFO.Signaling force websocket stop..04:49:32.580.ERROR.Socket unable to read..04:49:32.590.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:49:32.591.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.971374556361993
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:16:53.026.INFO.Signaling force websocket stop..08:16:56.566.ERROR.Socket unable to read..08:16:56.606.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:16:56.606.ERROR.WebSocket connection error getscreen.me/signal/agent..08:19:15.329.INFO.Signaling force websocket stop..08:19:59.491.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:20:06.340.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.990094014776206
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:36:01.578.INFO.Signaling force websocket stop..11:36:03.858.ERROR.Socket unable to read..11:36:03.858.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:36:03.858.ERROR.WebSocket connection error getscreen.me/signal/agent..11:38:12.647.INFO.Signaling force websocket stop..11:38:42.824.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:38:46.497.INFO.Socket connected to getscreen.me:443..11:40:59.823.INFO.Signaling force websocket stop..11:41:00.314.ERROR.Socket unable to read..11:41:00.314.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:41:02.280.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1489
                                                        Entropy (8bit):4.998597554388481
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:56:18.472.INFO.Signaling force websocket stop..14:56:37.145.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:56:41.522.INFO.Socket connected to getscreen.me:443..14:59:11.142.INFO.Signaling force websocket stop..14:59:11.374.ERROR.Socket unable to read..14:59:11.374.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:59:11.374.ERROR.WebSocket connection error getscreen.me/signal/agent..15:00:59.122.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:01:01.036.INFO.Socket connected to getscreen.me:443..15:03:16.144.INFO.Signaling force websocket stop..15:03:16.235.ERROR.Socket unable to read..15:03:16.436.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:03:16.436.ERROR.WebSocket connection error getscreen.me/signal/agent..15:05:24.900.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):5.005520672435337
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:25:06.994.INFO.Signaling force websocket stop..18:25:53.246.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:26:02.873.INFO.Socket connected to getscreen.me:443..18:28:11.186.INFO.Signaling force websocket stop..18:28:11.427.ERROR.Socket unable to read..18:28:11.447.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:28:11.447.ERROR.WebSocket connection error getscreen.me/signal/agent..18:30:20.619.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4559
                                                        Entropy (8bit):4.994348134420133
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:45:05.694.INFO.Signaling force websocket stop..21:45:35.673.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:45:41.269.INFO.Socket connected to getscreen.me:443..21:47:54.494.INFO.Signaling force websocket stop..21:47:54.746.ERROR.Socket unable to read..21:47:54.767.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:47:54.767.ERROR.WebSocket connection error getscreen.me/signal/agent..21:49:33.625.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:49:33.631.INFO.Socket connected to getscreen.me:443..21:51:42.399.INFO.Signaling force websocket stop..21:51:42.801.ERROR.Socket unable to read..21:51:42.812.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:51:42.812.ERROR.WebSocket connection error getscreen.me/signal/agent..21:52:34.965.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1939
                                                        Entropy (8bit):4.99701221759816
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:42:16.746.ERROR.Socket unable to read..01:42:20.296.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:42:20.296.ERROR.WebSocket connection error getscreen.me/signal/agent..01:44:39.171.INFO.Signaling force websocket stop..01:45:49.089.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:45:56.391.INFO.Socket connected to getscreen.me:443..01:48:06.331.INFO.Signaling force websocket stop..01:48:06.502.ERROR.Socket unable to read..01:48:06.512.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:48:06.512.ERROR.WebSocket connection error getscreen.me/signal/agent..01:50:25.394.INFO.Signaling force websocket stop..01:51:13.295.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:52:26.791.INFO.Socket connected to getscreen.me:443..01:53:23.754.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4557
                                                        Entropy (8bit):4.995494957040233
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:15:53.119.INFO.Signaling force websocket stop..05:15:53.319.INFO.Socket connected to getscreen.me:443..05:15:58.041.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:15:58.051.ERROR.WebSocket connection error getscreen.me/signal/agent..05:18:11.395.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:19:14.418.INFO.Socket connected to getscreen.me:443..05:20:22.136.INFO.Signaling force websocket stop..05:20:22.627.ERROR.Socket unable to read..05:20:22.667.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:20:22.667.ERROR.WebSocket connection error getscreen.me/signal/agent..05:22:41.305.INFO.Signaling force websocket stop..05:24:40.761.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:24:53.387.INFO.Socket connected to getscreen.me:443..05:26:57.723
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.963042259061232
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:27:28.342.INFO.Signaling force websocket stop..09:27:29.939.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:27:37.776.INFO.Socket connected to getscreen.me:443..09:29:50.077.INFO.Signaling force websocket stop..09:29:50.338.ERROR.Socket unable to read..09:29:50.378.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:29:50.378.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.761971825113706
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:45:36.034.INFO.Signaling force websocket stop..12:45:50.956.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:45:59.932.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.956568760587068
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:01:43.711.INFO.Signaling force websocket stop..16:02:46.554.ERROR.Socket unable to read..16:02:46.604.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:02:46.604.ERROR.WebSocket connection error getscreen.me/signal/agent..16:05:05.452.INFO.Signaling force websocket stop..16:06:19.964.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:06:20.207.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.9967606541532135
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:23:01.745.INFO.Signaling force websocket stop..19:23:03.633.ERROR.Socket unable to read..19:23:03.643.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:23:03.643.ERROR.WebSocket connection error getscreen.me/signal/agent..19:25:12.382.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:25:13.225.INFO.Socket connected to getscreen.me:443..19:27:20.854.INFO.Signaling force websocket stop..19:27:20.894.ERROR.Socket unable to read..19:27:20.904.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:27:20.904.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1178
                                                        Entropy (8bit):4.977775678228805
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:43:17.512.INFO.Signaling force websocket stop..22:43:32.837.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:43:33.071.INFO.Socket connected to getscreen.me:443..22:45:50.191.INFO.Signaling force websocket stop..22:45:50.392.ERROR.Socket unable to read..22:45:50.432.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:45:50.442.ERROR.WebSocket connection error getscreen.me/signal/agent..22:48:09.221.INFO.Signaling force websocket stop..22:48:54.453.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:49:00.894.INFO.Socket connected to getscreen.me:443..22:51:16.250.INFO.Signaling force websocket stop..22:51:16.793.ERROR.Socket unable to read..22:51:16.793.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:51:16.793.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):6574
                                                        Entropy (8bit):4.991768696056829
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:09:34.247.INFO.Signaling force websocket stop..02:09:37.236.ERROR.Socket unable to read..02:09:37.236.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:09:37.236.ERROR.WebSocket connection error getscreen.me/signal/agent..02:11:56.050.INFO.Signaling force websocket stop..02:12:01.247.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:12:11.109.INFO.Socket connected to getscreen.me:443..02:14:24.316.INFO.Signaling force websocket stop..02:14:24.417.ERROR.Socket unable to read..02:14:24.447.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:14:25.760.ERROR.WebSocket connection error getscreen.me/signal/agent..02:16:43.472.INFO.Signaling force websocket stop..02:16:44.782.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:16:49.513.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3330
                                                        Entropy (8bit):4.98355504172833
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:30:21.810.INFO.Signaling force websocket stop..06:30:23.103.INFO.Socket connected to getscreen.me:443..06:30:46.114.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:30:46.522.ERROR.WebSocket connection error getscreen.me/signal/agent..06:33:04.337.INFO.Signaling force websocket stop..06:35:14.055.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:35:26.847.INFO.Socket connected to getscreen.me:443..06:37:32.240.INFO.Signaling force websocket stop..06:37:36.075.ERROR.Socket unable to read..06:37:36.105.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:37:42.101.ERROR.WebSocket connection error getscreen.me/signal/agent..06:39:54.734.INFO.Signaling force websocket stop..06:41:39.418.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:43:11.166.INFO.Soc
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1350
                                                        Entropy (8bit):4.989921836664124
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:18:26.363.INFO.Signaling force websocket stop..10:18:26.396.INFO.Socket connected to getscreen.me:443..10:18:27.595.ERROR.Socket unable to read..10:18:27.595.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:18:27.595.ERROR.WebSocket connection error getscreen.me/signal/agent..10:20:29.303.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:20:29.805.INFO.Socket connected to getscreen.me:443..10:22:38.218.INFO.Signaling force websocket stop..10:22:38.309.ERROR.Socket unable to read..10:22:38.309.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:22:38.748.ERROR.WebSocket connection error getscreen.me/signal/agent..10:24:45.850.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:24:48.006.INFO.Socket connected to getscreen.me:443..10:27:04.307.INFO
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.003910420855979
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:43:52.700.INFO.Signaling force websocket stop..13:43:54.469.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:43:58.216.INFO.Socket connected to getscreen.me:443..13:46:13.902.INFO.Signaling force websocket stop..13:47:58.211.ERROR.Socket unable to read..13:47:58.211.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:47:58.211.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.823943307003224
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:02:31.558.INFO.Signaling force websocket stop..17:04:52.321.INFO.Signaling force websocket stop..17:06:51.262.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:06:53.802.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.893569225032608
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:22:19.432.INFO.Signaling force websocket stop..20:22:22.560.ERROR.Socket unable to read..20:22:22.580.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:22:22.580.ERROR.WebSocket connection error getscreen.me/signal/agent..20:24:20.754.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:24:34.032.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.956441354004427
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:39:12.928.INFO.Signaling force websocket stop..23:39:16.265.ERROR.Socket unable to read..23:39:16.296.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:39:16.306.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.977970640853628
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:55:42.353.INFO.Signaling force websocket stop..02:56:06.302.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:57:12.095.INFO.Socket connected to getscreen.me:443..02:58:16.801.INFO.Signaling force websocket stop..02:58:17.082.ERROR.Socket unable to read..02:58:17.102.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:58:17.112.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.772505082983201
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:13:05.274.INFO.Signaling force websocket stop..06:14:06.256.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:14:09.702.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.944034878359258
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:29:55.112.INFO.Signaling force websocket stop..09:29:57.430.ERROR.Socket unable to read..09:29:57.430.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:29:57.440.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.749275303222613
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:45:13.010.INFO.Signaling force websocket stop..12:45:40.488.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:45:40.732.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.94284837841746
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:00:34.049.INFO.Signaling force websocket stop..16:00:35.948.ERROR.Socket unable to read..16:00:35.948.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:00:35.948.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.997781197006121
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:17:00.601.INFO.Signaling force websocket stop..19:17:18.798.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:17:21.616.INFO.Socket connected to getscreen.me:443..19:19:37.684.INFO.Signaling force websocket stop..19:19:37.774.ERROR.Socket unable to read..19:19:37.795.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:19:37.815.ERROR.WebSocket connection error getscreen.me/signal/agent..19:21:56.576.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.737684479807906
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:36:25.797.INFO.Signaling force websocket stop..22:36:28.029.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:36:39.632.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):450
                                                        Entropy (8bit):4.947175548826129
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:51:58.931.INFO.Signaling force websocket stop..01:53:01.045.ERROR.Socket unable to read..01:53:01.065.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:53:01.065.ERROR.WebSocket connection error getscreen.me/signal/agent..01:55:19.918.INFO.Signaling force websocket stop..01:55:55.925.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):473
                                                        Entropy (8bit):4.930075640680245
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:10:29.970.INFO.Signaling force websocket stop..05:10:30.181.INFO.Socket connected to getscreen.me:443..05:10:32.008.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:10:32.008.ERROR.WebSocket connection error getscreen.me/signal/agent..05:12:16.785.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:12:21.047.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.982169254081099
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:28:06.015.INFO.Signaling force websocket stop..08:28:07.394.ERROR.Socket unable to read..08:28:07.394.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:28:07.394.ERROR.WebSocket connection error getscreen.me/signal/agent..08:30:19.399.INFO.Signaling force websocket stop..08:30:35.566.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:30:36.472.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.945737122461442
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:45:50.409.INFO.Signaling force websocket stop..11:45:51.665.ERROR.Socket unable to read..11:45:51.665.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:45:51.665.ERROR.WebSocket connection error getscreen.me/signal/agent..11:47:48.009.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:47:53.580.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.968796975661197
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:02:52.693.INFO.Signaling force websocket stop..15:02:55.441.ERROR.Socket unable to read..15:02:55.471.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:02:55.471.ERROR.WebSocket connection error getscreen.me/signal/agent..15:04:13.154.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:05:20.325.INFO.Socket connected to getscreen.me:443..15:06:24.833.INFO.Signaling force websocket stop..15:06:24.983.ERROR.Socket unable to read..15:06:25.004.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:06:25.004.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.776771528132106
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:21:22.818.INFO.Signaling force websocket stop..18:22:01.572.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:22:03.617.INFO.Socket connected to getscreen.me:443..18:24:24.831.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.795865789026863
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:55:00.524.ERROR.Socket unable to read..00:55:02.973.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:55:02.983.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.971001020740424
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:11:07.559.INFO.Signaling force websocket stop..04:11:26.177.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:11:32.410.INFO.Socket connected to getscreen.me:443..04:13:50.146.INFO.Signaling force websocket stop..04:13:50.367.ERROR.Socket unable to read..04:13:50.387.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:13:50.387.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:29:27.395.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1234
                                                        Entropy (8bit):4.979955388826745
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:44:10.823.INFO.Signaling force websocket stop..10:44:40.992.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:45:47.278.INFO.Socket connected to getscreen.me:443..10:46:54.778.INFO.Signaling force websocket stop..10:47:00.215.ERROR.Socket unable to read..10:47:00.215.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:47:00.215.ERROR.WebSocket connection error getscreen.me/signal/agent..10:49:25.580.INFO.Signaling force websocket stop..10:49:55.550.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:49:58.234.INFO.Socket connected to getscreen.me:443..10:52:20.117.INFO.Signaling force websocket stop..10:52:20.368.ERROR.Socket unable to read..10:52:20.368.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:52:20.368.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):367
                                                        Entropy (8bit):4.995189895156038
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:12:05.746.INFO.Signaling force websocket stop..14:15:22.496.ERROR.Socket unable to read..14:15:22.496.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:15:22.496.ERROR.WebSocket connection error getscreen.me/signal/agent..14:17:48.000.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):139
                                                        Entropy (8bit):4.758522726744603
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:32:19.734.INFO.Signaling force websocket stop..17:32:28.282.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2732
                                                        Entropy (8bit):4.989858310947518
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:47:07.619.INFO.Signaling force websocket stop..20:47:08.861.INFO.Socket connected to getscreen.me:443..20:47:18.899.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:47:18.919.ERROR.WebSocket connection error getscreen.me/signal/agent..20:49:27.328.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:49:59.012.INFO.Socket connected to getscreen.me:443..20:51:51.887.INFO.Signaling force websocket stop..20:51:55.093.ERROR.Socket unable to read..20:51:55.093.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:51:55.093.ERROR.WebSocket connection error getscreen.me/signal/agent..20:54:09.213.INFO.Signaling force websocket stop..20:55:21.524.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:55:29.759.INFO.Socket connected to getscreen.me:443..20:57:46.110
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3070
                                                        Entropy (8bit):4.972086306808847
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:27:53.396.INFO.Signaling force websocket stop..00:29:33.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:29:42.791.INFO.Socket connected to getscreen.me:443..00:31:59.402.INFO.Signaling force websocket stop..00:31:59.674.ERROR.Socket unable to read..00:31:59.674.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:31:59.674.ERROR.WebSocket connection error getscreen.me/signal/agent..00:33:44.528.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:34:03.497.INFO.Socket connected to getscreen.me:443..00:36:08.371.INFO.Signaling force websocket stop..00:36:10.094.ERROR.Socket unable to read..00:36:10.435.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:36:10.435.ERROR.WebSocket connection error getscreen.me/signal/agent..00:38:24.227.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.937344321722469
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:13:33.126.INFO.Signaling force websocket stop..04:13:44.719.ERROR.Socket unable to read..04:13:44.719.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:13:44.719.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1545
                                                        Entropy (8bit):5.003230572025477
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:28:15.040.INFO.Signaling force websocket stop..07:28:32.925.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:28:52.458.INFO.Socket connected to getscreen.me:443..07:31:03.855.INFO.Signaling force websocket stop..07:31:05.184.ERROR.Socket unable to read..07:31:05.194.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:31:05.194.ERROR.WebSocket connection error getscreen.me/signal/agent..07:33:30.681.INFO.Signaling force websocket stop..07:34:07.229.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:34:36.241.INFO.Socket connected to getscreen.me:443..07:36:31.955.INFO.Signaling force websocket stop..07:36:32.276.ERROR.Socket unable to read..07:36:32.276.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:36:32.276.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.902696305646314
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:57:55.323.INFO.Signaling force websocket stop..10:57:55.444.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:58:08.033.INFO.Socket connected to getscreen.me:443..11:00:54.047.INFO.Signaling force websocket stop..11:00:54.078.ERROR.Socket unable to read..11:00:54.078.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:00:54.078.ERROR.WebSocket connection error getscreen.me/signal/agent..11:02:05.405.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:02:10.101.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.940775100599943
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:17:14.681.INFO.Signaling force websocket stop..14:17:15.744.ERROR.Socket unable to read..14:17:15.744.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:17:15.744.ERROR.WebSocket connection error getscreen.me/signal/agent..14:19:15.251.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:19:15.259.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.992289080612134
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:34:54.094.INFO.Signaling force websocket stop..17:34:55.861.ERROR.Socket unable to read..17:34:55.861.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:34:55.861.ERROR.WebSocket connection error getscreen.me/signal/agent..17:36:52.730.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:36:58.760.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1744
                                                        Entropy (8bit):4.980295828806399
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:52:10.069.INFO.Signaling force websocket stop..20:52:13.948.ERROR.Socket unable to read..20:52:13.958.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:52:13.958.ERROR.WebSocket connection error getscreen.me/signal/agent..20:53:39.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:54:45.235.INFO.Socket connected to getscreen.me:443..20:55:53.329.INFO.Signaling force websocket stop..20:55:53.438.ERROR.Socket unable to read..20:55:53.438.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:55:53.438.ERROR.WebSocket connection error getscreen.me/signal/agent..20:58:19.028.INFO.Signaling force websocket stop..20:58:54.661.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:59:00.540.INFO.Socket connected to getscreen.me:443..21:01:19.021.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.919448888580038
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:20:26.843.INFO.Signaling force websocket stop..00:20:59.302.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:20:59.790.INFO.Socket connected to getscreen.me:443..00:23:22.779.INFO.Signaling force websocket stop..00:23:22.859.ERROR.Socket unable to read..00:23:22.900.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:23:22.910.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.947531461883034
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:38:40.289.INFO.Signaling force websocket stop..03:39:01.996.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:40:39.513.INFO.Socket connected to getscreen.me:443..03:42:59.363.INFO.Signaling force websocket stop..03:42:59.644.ERROR.Socket unable to read..03:42:59.644.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:42:59.664.ERROR.WebSocket connection error getscreen.me/signal/agent..03:45:12.888.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:45:15.550.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.969094492079148
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:59:45.678.INFO.Signaling force websocket stop..06:59:48.167.ERROR.Socket unable to read..06:59:48.167.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:59:48.167.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.989971704988403
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:15:07.897.INFO.Signaling force websocket stop..10:15:29.294.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:16:34.005.INFO.Socket connected to getscreen.me:443..10:17:43.527.INFO.Signaling force websocket stop..10:17:43.827.ERROR.Socket unable to read..10:17:43.878.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:17:43.878.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.7662884159040795
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:33:09.626.INFO.Signaling force websocket stop..13:34:09.708.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:34:13.951.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):450
                                                        Entropy (8bit):5.003533059360241
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:50:56.940.INFO.Signaling force websocket stop..16:50:59.018.ERROR.Socket unable to read..16:50:59.039.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:50:59.039.ERROR.WebSocket connection error getscreen.me/signal/agent..16:53:24.424.INFO.Signaling force websocket stop..16:54:22.068.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):529
                                                        Entropy (8bit):4.966185524578162
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:10:05.495.INFO.Signaling force websocket stop..20:10:06.337.INFO.Socket connected to getscreen.me:443..20:10:08.344.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:10:08.365.ERROR.WebSocket connection error getscreen.me/signal/agent..20:12:33.478.INFO.Signaling force websocket stop..20:12:46.895.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:12:48.898.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.945411785996859
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:28:32.375.INFO.Signaling force websocket stop..23:28:34.294.ERROR.Socket unable to read..23:28:34.294.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:28:34.294.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.964117228223575
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:43:54.866.INFO.Signaling force websocket stop..02:44:08.379.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:44:12.423.INFO.Socket connected to getscreen.me:443..02:46:22.085.INFO.Signaling force websocket stop..02:46:22.175.ERROR.Socket unable to read..02:46:22.176.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:46:22.176.ERROR.WebSocket connection error getscreen.me/signal/agent..02:48:47.587.INFO.Signaling force websocket stop..02:49:16.138.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:49:28.480.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):367
                                                        Entropy (8bit):4.921993027912485
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:04:50.533.INFO.Signaling force websocket stop..06:04:53.700.ERROR.Socket unable to read..06:04:53.700.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:04:53.701.ERROR.WebSocket connection error getscreen.me/signal/agent..06:07:19.063.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1637
                                                        Entropy (8bit):4.990429629394716
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:21:51.409.INFO.Signaling force websocket stop..09:22:22.517.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:23:32.287.INFO.Socket connected to getscreen.me:443..09:24:36.458.INFO.Signaling force websocket stop..09:24:36.849.ERROR.Socket unable to read..09:24:36.889.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:24:36.889.ERROR.WebSocket connection error getscreen.me/signal/agent..09:26:33.807.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:26:44.114.INFO.Socket connected to getscreen.me:443..09:28:58.086.INFO.Signaling force websocket stop..09:29:01.992.ERROR.Socket unable to read..09:29:02.553.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:29:02.563.ERROR.WebSocket connection error getscreen.me/signal/agent..09:31:27.872.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4008
                                                        Entropy (8bit):5.008626288989717
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:53:37.464.INFO.Signaling force websocket stop..12:53:46.250.ERROR.Socket unable to read..12:53:46.270.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:53:46.270.ERROR.WebSocket connection error getscreen.me/signal/agent..12:56:11.854.INFO.Signaling force websocket stop..12:56:45.297.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:56:54.216.INFO.Socket connected to getscreen.me:443..12:59:09.167.INFO.Signaling force websocket stop..12:59:09.878.ERROR.Socket unable to read..12:59:09.928.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:59:12.484.ERROR.WebSocket connection error getscreen.me/signal/agent..13:01:33.615.INFO.Signaling force websocket stop..13:03:37.599.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:04:23.646.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2398
                                                        Entropy (8bit):5.010734696419282
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:52:07.126.INFO.Signaling force websocket stop..16:52:14.543.ERROR.Socket unable to read..16:52:14.544.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:52:14.528.ERROR.WebSocket connection error getscreen.me/signal/agent..16:54:28.313.INFO.Signaling force websocket stop..16:56:34.164.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:56:34.189.INFO.Socket connected to getscreen.me:443..16:58:59.212.INFO.Signaling force websocket stop..16:59:00.034.ERROR.Socket unable to read..16:59:00.065.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:59:01.632.ERROR.WebSocket connection error getscreen.me/signal/agent..17:01:23.445.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:01:42.882.INFO.Socket connected to getscreen.me:443..17:03:47.969.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1299
                                                        Entropy (8bit):4.989714955751652
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:33:27.677.INFO.Signaling force websocket stop..20:33:27.677.INFO.Socket connected to getscreen.me:443..20:34:47.579.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:34:47.599.ERROR.WebSocket connection error getscreen.me/signal/agent..20:37:12.990.INFO.Signaling force websocket stop..20:37:47.268.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:38:04.031.INFO.Socket connected to getscreen.me:443..20:40:12.661.INFO.Signaling force websocket stop..20:40:12.772.ERROR.Socket unable to read..20:40:12.772.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:40:12.773.ERROR.WebSocket connection error getscreen.me/signal/agent..20:41:23.612.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:41:35.502.INFO.Socket connected to getscreen.me:443..20:43:47.267
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.743298435826174
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:58:53.870.INFO.Signaling force websocket stop..00:00:44.478.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:00:51.860.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.968968201277406
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:17:22.063.INFO.Signaling force websocket stop..03:17:28.116.ERROR.Socket unable to read..03:17:28.146.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:17:28.146.ERROR.WebSocket connection error getscreen.me/signal/agent..03:18:51.038.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:18:57.281.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.906487238477051
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:34:32.945.INFO.Signaling force websocket stop..06:34:35.054.ERROR.Socket unable to read..06:34:35.054.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:34:35.054.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3182
                                                        Entropy (8bit):4.990205752124574
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:49:40.831.INFO.Signaling force websocket stop..09:50:37.907.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:51:41.752.INFO.Socket connected to getscreen.me:443..09:52:51.525.INFO.Signaling force websocket stop..09:52:51.766.ERROR.Socket unable to read..09:52:51.766.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:52:51.766.ERROR.WebSocket connection error getscreen.me/signal/agent..09:55:17.374.INFO.Signaling force websocket stop..09:55:34.062.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:55:37.156.INFO.Socket connected to getscreen.me:443..09:57:57.281.INFO.Signaling force websocket stop..09:57:57.963.ERROR.Socket unable to read..09:57:57.964.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:57:57.964.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.9889069016690675
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:32:36.139.INFO.Signaling force websocket stop..13:32:37.909.ERROR.Socket unable to read..13:32:37.909.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:32:37.909.ERROR.WebSocket connection error getscreen.me/signal/agent..13:34:41.972.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:34:45.115.INFO.Socket connected to getscreen.me:443..13:37:05.757.INFO.Signaling force websocket stop..13:37:05.829.ERROR.Socket unable to read..13:37:05.829.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:37:05.829.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:53:15.340.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1433
                                                        Entropy (8bit):4.970194910718506
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:07:48.818.INFO.Signaling force websocket stop..20:08:14.002.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:08:17.362.INFO.Socket connected to getscreen.me:443..20:10:38.782.INFO.Signaling force websocket stop..20:10:38.942.ERROR.Socket unable to read..20:10:38.943.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:10:38.943.ERROR.WebSocket connection error getscreen.me/signal/agent..20:12:05.234.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:12:05.478.INFO.Socket connected to getscreen.me:443..20:14:18.357.INFO.Signaling force websocket stop..20:14:18.508.ERROR.Socket unable to read..20:14:19.049.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:14:19.059.ERROR.WebSocket connection error getscreen.me/signal/agent..20:15:40.040.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.971084972112703
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:33:49.340.INFO.Signaling force websocket stop..23:33:57.677.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:34:08.537.INFO.Socket connected to getscreen.me:443..23:36:23.123.INFO.Signaling force websocket stop..23:36:23.524.ERROR.Socket unable to read..23:36:23.554.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:36:23.564.ERROR.WebSocket connection error getscreen.me/signal/agent..23:38:35.491.INFO.Signaling force websocket stop..23:39:35.512.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:39:54.767.INFO.Socket connected to getscreen.me:443..23:42:00.263.INFO.Signaling force websocket stop..23:42:00.934.ERROR.Socket unable to read..23:42:00.934.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:42:00.934.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):139
                                                        Entropy (8bit):4.784491363251343
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:56:35.274.INFO.Signaling force websocket stop..02:58:36.506.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):529
                                                        Entropy (8bit):4.9557462134393075
                                                        Encrypted:false
                                                        SSDEEP:12:VAFkXtvvBHQj8P401Fn5tjn2gCheCHqXtvvn:VmItv9DAAbt6gGeCHmtvv
                                                        MD5:969EB2418878B67433E3C9BCDD219357
                                                        SHA1:7585314DDDC175256523C9424023340CB29FD8EA
                                                        SHA-256:B72C2DBF1DBBA4C6EAE6653A8C92BF7784EAEBCBBD192B6FC5F5CC65E8CAD3C7
                                                        SHA-512:5F41639C2D94F9F77AC8A4AE6187C33D1C23EA233824FA638D4D5BA3EAA5C12AD2F3322778012DAD3D4DAB701BC948C8C0CC1337457B255DB40EC9BE95D4F450
                                                        Malicious:false
                                                        Preview:06:13:03.951.INFO.Signaling force websocket stop..06:13:04.648.INFO.Socket connected to getscreen.me:443..06:13:04.709.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:13:04.719.ERROR.WebSocket connection error getscreen.me/signal/agent..06:15:30.124.INFO.Signaling force websocket stop..06:15:53.835.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:16:01.647.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        SSDEEP:3:4SST8KjmXINF+WgIO0/Vyn:4b8XXIX+WgIJUn
                                                        MD5:4FDBABC2F238FB299331D16D8A90C362
                                                        SHA1:51F711FA06D7377B203098432A999A39358BF141
                                                        SHA-256:64248BEAC1826BF49525A20F32184B2E2FDD7DBB158A482030DFF224CD156280
                                                        SHA-512:9FFDF4B3D094B393DD8E2CCFB97AB536ED6E787C15435FD3ED2BA0A7425D42D7CEDDF049ED149BCAF9118816BD2D91B7E3E2870E83B97CD18D86E667D4B159D2
                                                        Malicious:false
                                                        Preview:09:30:29.312.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.973699589322085
                                                        Encrypted:false
                                                        SSDEEP:12:kyYoQj8P40VYBBq52KzyFChtWRss2tvvn:moDAtBA2HFGUKXtvv
                                                        MD5:F586CBF0168FB26141102C14E1A5ED3C
                                                        SHA1:4B66445C9E9AEBCDF49D6B755E0D48E3151228A8
                                                        SHA-256:D42BB877CD1F62E0961808330B952F06E2053D4F4166A41A102280F8A8E736BC
                                                        SHA-512:939231E42D8D8DD714054A66633990EB399492B182C10C1C429BC873D0BAA98B64B900CFD87195FEA1F20F8E5AA22C906C0F3F5BB803ED38B88721092540B335
                                                        Malicious:false
                                                        Preview:12:44:59.890.ERROR.Socket unable to read..12:45:05.311.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:45:05.321.ERROR.WebSocket connection error getscreen.me/signal/agent..12:47:19.172.INFO.Signaling force websocket stop..12:48:03.531.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:48:09.554.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.962351336106636
                                                        Encrypted:false
                                                        SSDEEP:6:KKB2XIX+WgIJUUAgKHM9gKHud2M0CCQP5K0CggKDDNBQEQ4:YKFAxQj8P40IK5T
                                                        MD5:7727C9B8839093FA0311AB0EC9C46892
                                                        SHA1:D0FFD49DFC28FF79FC70DFF4CF6A516DC3672735
                                                        SHA-256:7A96F77709E0BAECFF3B17D816B0D6ADBBA8E11E0B196EFBA422B6796FE74BD8
                                                        SHA-512:CF79BC5A176620164DC668116FF8D44FDEAA38D043488FAB111D3820499DB30C3E4A87E85335966C91828E8A686872A3642653E7476D37D733F8573CE010AA4F
                                                        Malicious:false
                                                        Preview:16:03:40.235.INFO.Signaling force websocket stop..16:03:43.497.ERROR.Socket unable to read..16:03:43.497.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:03:43.497.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.6637995646056805
                                                        Encrypted:false
                                                        SSDEEP:3:FMf7LR2XINF+WgIO0/Vyn:MHR2XIX+WgIJUn
                                                        MD5:977758D4F39642AB1DFCE0E58065799E
                                                        SHA1:849A40EB735CBB71E47FC2BA3AB0EAF94FC9D58B
                                                        SHA-256:24D03BED69E6B955DC715600079C820F048B589C2B35746815C33CE15072D6BB
                                                        SHA-512:535DF521D769BAC11A739E80EAF4E38AF4172349274ECF2997A71DB4D97C33470D227C3F2CF0A40B2DF036C1FE37926ACC8E3867C36626DE8453176E54B1570B
                                                        Malicious:false
                                                        Preview:19:18:14.917.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5589
                                                        Entropy (8bit):5.000740384797609
                                                        Encrypted:false
                                                        SSDEEP:96:GKZ9JzGR8LnfN3HA9axHV/qQrjUuv9PcfW:GKZ9JzGR8LnfN3g9axHV/qQfUuv9PEW
                                                        MD5:FA4E4F09099101CB101873F81459D9D8
                                                        SHA1:EFCE1A8D0C54A11830C150797D31DFCBC7B7438C
                                                        SHA-256:16D8D6B3568654C38DAD4E9EEA17B566D3DFF8F8C70959A601B0547E9DBBC2E6
                                                        SHA-512:646C6B7076DD8CB88C9B0345AE95ED92D539FFDC98C05C7854BDA8604750627E8672B183DB62076BB090C16AFE69C7DF782295B9E04E981358667BE4D31C28A4
                                                        Malicious:false
                                                        Preview:22:33:40.821.INFO.Signaling force websocket stop..22:35:09.082.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:35:11.978.INFO.Socket connected to getscreen.me:443..22:37:33.038.INFO.Signaling force websocket stop..22:37:33.338.ERROR.Socket unable to read..22:37:33.389.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:37:33.389.ERROR.WebSocket connection error getscreen.me/signal/agent..22:38:54.613.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:40:00.011.INFO.Socket connected to getscreen.me:443..22:41:08.699.INFO.Signaling force websocket stop..22:41:08.880.ERROR.Socket unable to read..22:41:09.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:41:09.361.ERROR.WebSocket connection error getscreen.me/signal/agent..22:43:10.776.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):367
                                                        Entropy (8bit):4.955087176053235
                                                        Encrypted:false
                                                        SSDEEP:6:qWs2XIX+WgIJUzc+SwEMlc+SwEud2M0CCQP5K0CA5c+SwADNBQEQYXh3lmKr2XI+:qWs2u3uQj8P40x5cH5pxlms25
                                                        MD5:B83DC8D94B8A9B91C358EED7E841DCAD
                                                        SHA1:5751EA6EE434D026866A642E18D34656C8E50C11
                                                        SHA-256:8FF4331E4085A6046C0180226EB8C456DD4AEA20D0C40E0E7789785B9E0A0860
                                                        SHA-512:767C21F05C2132ADAE027F1091EC446ED3FA4EECA35BEB77ED852DF2E5A48151296695198A9418D26CA861972C4ADFE8B23A971AABD451A6B025B1ABBEF44415
                                                        Malicious:false
                                                        Preview:02:49:24.046.INFO.Signaling force websocket stop..02:49:31.029.ERROR.Socket unable to read..02:49:31.029.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:49:31.029.ERROR.WebSocket connection error getscreen.me/signal/agent..02:51:44.446.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2264
                                                        Entropy (8bit):4.990347165031381
                                                        Encrypted:false
                                                        SSDEEP:48:2iQVwaUhDKyGzCDZ3Hak0DTEQurGasaRDiCiEdq3:2iqcAyG23LWzEpvdk
                                                        MD5:B6D7F971462AA7BBB2D3FEF606AEAE0B
                                                        SHA1:BCD5FC962D98A7410619AF89F6DC44EA91B3D4B6
                                                        SHA-256:58D6CE684AD03F2212B1771BCA861DE6CA218A19649DEB04B1EA378B60E99FC7
                                                        SHA-512:2A820CC44ACA1601D93A29DF34217278CE97E74B5B07EFC3B25A2450D2F5508F6E668F4C5BE094B43C0E619AD883AFC08E22B59018B9D7C50E301415796C4FCF
                                                        Malicious:false
                                                        Preview:06:07:39.175.INFO.Signaling force websocket stop..06:07:40.624.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:07:41.822.INFO.Socket connected to getscreen.me:443..06:10:06.916.INFO.Signaling force websocket stop..06:10:16.359.ERROR.Socket unable to read..06:10:16.360.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:10:16.360.ERROR.WebSocket connection error getscreen.me/signal/agent..06:12:41.631.INFO.Signaling force websocket stop..06:13:09.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:13:16.474.INFO.Socket connected to getscreen.me:443..06:15:34.190.INFO.Signaling force websocket stop..06:15:34.490.ERROR.Socket unable to read..06:15:34.510.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:15:34.510.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2922
                                                        Entropy (8bit):4.976992340403553
                                                        Encrypted:false
                                                        SSDEEP:48:RrD2gDj9DhD3yuCxhDODs599aR3DfhAC06DROegC5DL2G3:0g9lyfLDR59Wrhl0uOeVp2w
                                                        MD5:9909D3B698B405427441E2ECE3D7877F
                                                        SHA1:A1E55549FA35E9509173B349DD43CFB75E5C7E29
                                                        SHA-256:3601689B8F4D4ACFDC2051CF3B03D0AB0EB3CAB6CC443B391EA4F409E22CF9F8
                                                        SHA-512:8B3F48827BBBFE11DB22D67963C66670BAA106A74F1076F4D815523AC3D6059652352135FCA92598FFAC500EC9CABC9345D7554C5FEFB403372192AFCC82E25A
                                                        Malicious:false
                                                        Preview:09:48:51.008.INFO.Signaling force websocket stop..09:49:03.227.ERROR.Socket unable to read..09:49:03.258.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:49:03.258.ERROR.WebSocket connection error getscreen.me/signal/agent..09:51:22.547.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:51:40.203.INFO.Socket connected to getscreen.me:443..09:53:46.489.INFO.Signaling force websocket stop..09:53:47.120.ERROR.Socket unable to read..09:53:47.150.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:53:47.150.ERROR.WebSocket connection error getscreen.me/signal/agent..09:56:12.529.INFO.Signaling force websocket stop..09:56:47.504.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:57:58.244.INFO.Socket connected to getscreen.me:443..09:59:01.398.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.686033716352762
                                                        Encrypted:false
                                                        SSDEEP:3:Pu+Q52XINF+WgIO0/Vyn:7a2XIX+WgIJUn
                                                        MD5:D86BF429C21A47A1DD8E35325DE9D807
                                                        SHA1:52E867B6B0327AA8FDC168661FA430CC7CAAD503
                                                        SHA-256:2A2EC5B8E67AB3533882B7132A422E87BEBB77DCAEF53A43C643EE336CD0036C
                                                        SHA-512:C11EF21CCF66A77DF36795C4374352A219FB854141665BE6B1E501974DA0FC259168634F78AFC022DB17B53E624D3024CEECA0C726971585E3ED95E4F0E7DA8D
                                                        Malicious:false
                                                        Preview:13:34:35.914.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.989200884170699
                                                        Encrypted:false
                                                        SSDEEP:6:Kx+kMxkud2M0CCQP5K0C2gDNBQEQi7ns2XIX+WgIJUUZqs2XIXNLD4EQ/12dzvRB:W+FQj8P40+5VDXKUXChg2tvvn
                                                        MD5:62FA403F03704E0E12B45C60B49E10A8
                                                        SHA1:EE87240E41545E89E3ED8E60CD8C3554C65A0681
                                                        SHA-256:54E550A39117AFF9A8CBA5EBCB7670BE21EA6B28D37F38EB81EC7FDD5A4E2C21
                                                        SHA-512:48AB915A231F45FD1758996ABBC136290677BA99521444FA0B76EE0CBE526BA9E3E8809DBE3D375DA5B820AE8654D3BB1F995E9A0C537020DF73FDDEE5FC4400
                                                        Malicious:false
                                                        Preview:16:49:06.635.ERROR.Socket unable to read..16:49:07.131.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:49:07.131.ERROR.WebSocket connection error getscreen.me/signal/agent..16:51:19.655.INFO.Signaling force websocket stop..16:51:23.867.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:51:24.786.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2866
                                                        Entropy (8bit):4.979275677442047
                                                        Encrypted:false
                                                        SSDEEP:48:TfDpQbVsv+GI6DpabVF+vHDplbVQ2+DZKDpfbV6+gQDp9bV9+McDpmbVCv+J3:CA+GOr+3v+sA+zD+8O+V
                                                        MD5:D2922611383236A66F6C26F87F2CF3FC
                                                        SHA1:0BA0A2128679E2475464CD1747519672BB1B81B9
                                                        SHA-256:4E60A61A598936FE78E5C780535EEEBBCA6D71D214C4A227211E455C70BDBC10
                                                        SHA-512:5A6D105237C9E812E8F2DCDCB8DF8972A1B06F64253130E605B90B2ACD099344EE34128ED6C17C7FFBE40E071FC6EE64FE3E6E2E8D978B0A5FDCE70B83F6AC05
                                                        Malicious:false
                                                        Preview:20:06:35.618.INFO.Signaling force websocket stop..20:06:38.678.ERROR.Socket unable to read..20:06:38.728.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:06:38.728.ERROR.WebSocket connection error getscreen.me/signal/agent..20:07:55.646.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:07:57.914.INFO.Socket connected to getscreen.me:443..20:10:53.227.INFO.Signaling force websocket stop..20:10:53.258.ERROR.Socket unable to read..20:10:53.258.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:10:53.258.ERROR.WebSocket connection error getscreen.me/signal/agent..20:12:56.989.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:12:57.204.INFO.Socket connected to getscreen.me:443..20:15:21.787.INFO.Signaling force websocket stop..20:15:22.018.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.971804617954485
                                                        Encrypted:false
                                                        SSDEEP:6:fLms2XIX+WgIJUGoLaMAoLQgkud2M0CCQP5K0CQLQggDNBQEQ4:jmXYowojQj8P40lU5T
                                                        MD5:06F1A11BD5F4053F75927AF2CDC8C301
                                                        SHA1:A0EFCB835B75306E7BE32CE047C251F54CC0EBCA
                                                        SHA-256:68384B3B3213B5A8D0F9FCF74B0E26FDA5AC7077FA17F9E9289D04A5C65D4407
                                                        SHA-512:5955CBB373B648D99AA42737C7A51D0A194EA461465C81F89E54289CA9480AACE5C713ACB9D63215F39564A0D9D13BFE2C7F979D8DCCFC80897DE83BA8077AB7
                                                        Malicious:false
                                                        Preview:23:47:17.457.INFO.Signaling force websocket stop..23:47:19.903.ERROR.Socket unable to read..23:47:19.994.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:47:19.994.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        SSDEEP:3:O2fs2XINF+WgIO0/Vyn:O202XIX+WgIJUn
                                                        MD5:421B4F7E3020AA58030F5C0EBC0B38F4
                                                        SHA1:7FD6B6896539E17EF83368A9487DAB09315D5A99
                                                        SHA-256:59659B9282B01C19348C2BBE3E973F04C90AEF7153B31ADA1C46A0C4BE20C642
                                                        SHA-512:C3757B29E5FC67AE60E87FF522E34212296C2C722480E50C97A9554213CB76430478AA722D77A0E987A6C477FC0EA12394B659FA8EE4EA4ACCAD4E73CD1FCEEC
                                                        Malicious:false
                                                        Preview:03:01:57.537.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.794594482133577
                                                        Encrypted:false
                                                        SSDEEP:6:ZiGX2XIX+WgIJUtAXIXNLD4EQPv2dzvRWl8Rvvn:ZQjACheetvvn
                                                        MD5:E8839160BA5B5E3A117A5B5CFE16673A
                                                        SHA1:B1A711187730302C5C75E35DDAE00AF82D3E04B6
                                                        SHA-256:2F5F788762AF5A82EFA075922DE1E4D36B3F6A9286ADF33CB275115B445F59E2
                                                        SHA-512:831B8E2386E463AADAF8A68B6E6F810164569E8FCF87C3027D070719F8FAB7003383B394D7E2237A311F5E92CC09EB206D77AE7B74189DF858AFFBF6CD843398
                                                        Malicious:false
                                                        Preview:06:17:18.665.INFO.Signaling force websocket stop..06:17:57.262.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:17:59.518.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.944560781152838
                                                        Encrypted:false
                                                        SSDEEP:6:4Rf8r2XIX+WgIJU2CEkMgfacUud2M0CCQP5K0CODNBQEQ4:My2oFSpQj8P40j5T
                                                        MD5:AAA6DF024C39E75E92554689034C2F6D
                                                        SHA1:0B665917D57D245F999CF58C2C8265D9D8D83605
                                                        SHA-256:0CE08A283D6A2BE7A8C884D4BC0535013BB2E8B686F769D873717CD3E3DF7DD0
                                                        SHA-512:7A8524A5BA6BB451CA717B0C511871B6CB726515D2750A57D5C82D43E6DAD9CD1880C3409ADCC144B3A35F20322BF9FBA086BF0D55E050C2B1864B824AE55A74
                                                        Malicious:false
                                                        Preview:09:33:14.446.INFO.Signaling force websocket stop..09:34:15.670.ERROR.Socket unable to read..09:34:15.690.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:34:15.700.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.004891461096332
                                                        Encrypted:false
                                                        SSDEEP:6:O5JXIX+WgIJUUosmXIXNLD4EQCXdzvRWl8RvvPQXIX+WgIJUUoxMnxud2M0CCQPx:kJKobCh9tvvYKoWcQj8P40v5T
                                                        MD5:59D4001A1463C35690D1B1CB4A876B31
                                                        SHA1:36E788D7F111B243DB57406328A2B8CA2A281097
                                                        SHA-256:7EDF05A23700EE4723AA229E0EA584E23DA5EDACEC49916A0C29524A30426489
                                                        SHA-512:08D10E030B748706BCBB9010D638347E6F4EF0AE848E3498D8494854E2D14941A75B699F2F99AD8B13A366635ECA4070F36ED5857E601EBC78C7993FDC4F704F
                                                        Malicious:false
                                                        Preview:12:49:05.621.INFO.Signaling force websocket stop..12:50:15.340.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:50:17.811.INFO.Socket connected to getscreen.me:443..12:52:39.628.INFO.Signaling force websocket stop..12:52:39.728.ERROR.Socket unable to read..12:52:39.728.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:52:39.728.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.960539751035649
                                                        Encrypted:false
                                                        SSDEEP:6:KriV9mXIX+WgIJUUh2XIXNLD4EQkdzvRWl8Rvv3fmbXIX+WgIJUU4f9MNfi9BUur:xmKh2ChntvvebKGpQj8P40eS5T
                                                        MD5:5D8CD26E118EBDC912C2DBB878117AB5
                                                        SHA1:3A8F4749A4D4B3B94E269B09334AB8E65029709A
                                                        SHA-256:81BBE410397882E21B989F2E61113A58DCEE8516B8FB6F7C804681C1D1E88A1B
                                                        SHA-512:5044C049887DDE85E2BCFB8519D16628929E8DA55EAB0D717749F5A207C97D6F691E6B6127559EB42420C9376E5E3C487F5967B59123A18162A8917FC0F8763E
                                                        Malicious:false
                                                        Preview:16:07:51.000.INFO.Signaling force websocket stop..16:08:24.534.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:09:26.820.INFO.Socket connected to getscreen.me:443..16:10:36.001.INFO.Signaling force websocket stop..16:10:36.392.ERROR.Socket unable to read..16:10:36.402.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:10:36.402.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:25:15.474.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.928862893478838
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:40:20.560.INFO.Signaling force websocket stop..22:40:44.729.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:40:46.502.INFO.Socket connected to getscreen.me:443..22:43:08.233.INFO.Signaling force websocket stop..22:43:08.334.ERROR.Socket unable to read..22:43:08.334.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:43:08.334.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.760503215259149
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:59:14.739.INFO.Signaling force websocket stop..01:59:35.549.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:59:37.840.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.971417496476788
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:16:04.691.INFO.Signaling force websocket stop..05:16:06.222.ERROR.Socket unable to read..05:16:06.222.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:16:06.222.ERROR.WebSocket connection error getscreen.me/signal/agent..05:17:28.108.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:17:29.014.INFO.Socket connected to getscreen.me:443..05:20:24.155.INFO.Signaling force websocket stop..05:20:24.165.ERROR.Socket unable to read..05:20:24.165.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:20:24.165.ERROR.WebSocket connection error getscreen.me/signal/agent..05:22:49.347.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.988324191642665
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:38:12.670.INFO.Signaling force websocket stop..08:38:14.259.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:38:25.676.INFO.Socket connected to getscreen.me:443..08:40:40.434.INFO.Signaling force websocket stop..08:40:55.455.ERROR.Socket unable to read..08:40:55.495.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:40:55.495.ERROR.WebSocket connection error getscreen.me/signal/agent..08:43:21.113.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1489
                                                        Entropy (8bit):4.985525391373502
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:58:27.037.INFO.Signaling force websocket stop..11:58:46.227.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:58:50.286.INFO.Socket connected to getscreen.me:443..12:01:11.999.INFO.Signaling force websocket stop..12:01:12.039.ERROR.Socket unable to read..12:01:12.059.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:01:12.069.ERROR.WebSocket connection error getscreen.me/signal/agent..12:03:37.172.INFO.Signaling force websocket stop..12:04:56.028.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:05:02.340.INFO.Socket connected to getscreen.me:443..12:07:21.567.INFO.Signaling force websocket stop..12:07:22.549.ERROR.Socket unable to read..12:07:22.559.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:07:22.559.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):5.002723505915558
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:29:04.541.INFO.Signaling force websocket stop..15:29:29.336.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:30:29.465.INFO.Socket connected to getscreen.me:443..15:31:53.681.INFO.Signaling force websocket stop..15:31:53.741.ERROR.Socket unable to read..15:31:53.781.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:31:53.781.ERROR.WebSocket connection error getscreen.me/signal/agent..15:34:19.191.INFO.Signaling force websocket stop..15:35:20.172.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:35:30.938.INFO.Socket connected to getscreen.me:443..15:37:43.806.INFO.Signaling force websocket stop..15:37:44.317.ERROR.Socket unable to read..15:37:44.327.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:37:44.327.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1545
                                                        Entropy (8bit):5.011289397267206
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:52:47.223.INFO.Signaling force websocket stop..18:54:30.348.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:54:49.732.INFO.Socket connected to getscreen.me:443..18:56:55.780.INFO.Signaling force websocket stop..18:57:07.476.ERROR.Socket unable to read..18:57:07.476.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:57:07.476.ERROR.WebSocket connection error getscreen.me/signal/agent..18:58:49.782.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:59:23.617.INFO.Socket connected to getscreen.me:443..19:01:13.784.INFO.Signaling force websocket stop..19:01:14.045.ERROR.Socket unable to read..19:01:14.336.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:01:14.336.ERROR.WebSocket connection error getscreen.me/signal/agent..19:03:27.482.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4523
                                                        Entropy (8bit):4.996060295672394
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:24:58.680.INFO.Signaling force websocket stop..22:25:02.314.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:25:37.024.INFO.Socket connected to getscreen.me:443..22:27:34.815.INFO.Signaling force websocket stop..22:27:35.677.ERROR.Socket unable to read..22:27:35.677.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:27:35.677.ERROR.WebSocket connection error getscreen.me/signal/agent..22:29:47.700.INFO.Signaling force websocket stop..22:30:37.395.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:30:42.209.INFO.Socket connected to getscreen.me:443..22:33:02.674.INFO.Signaling force websocket stop..22:33:03.646.ERROR.Socket unable to read..22:33:03.646.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:33:03.646.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.986210580989175
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:21:53.155.INFO.Signaling force websocket stop..02:24:09.984.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:24:27.161.INFO.Socket connected to getscreen.me:443..02:26:33.810.INFO.Signaling force websocket stop..02:26:33.891.ERROR.Socket unable to read..02:26:33.931.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:26:33.931.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):598
                                                        Entropy (8bit):4.969808755119932
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:41:20.081.INFO.Signaling force websocket stop..05:41:57.196.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:42:13.406.INFO.Socket connected to getscreen.me:443..05:44:22.169.INFO.Signaling force websocket stop..05:44:22.239.ERROR.Socket unable to read..05:44:22.239.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:44:22.239.ERROR.WebSocket connection error getscreen.me/signal/agent..05:46:22.770.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):529
                                                        Entropy (8bit):4.934456063019381
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:00:50.215.INFO.Signaling force websocket stop..09:01:51.223.INFO.Socket connected to getscreen.me:443..09:01:52.783.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:01:53.007.ERROR.WebSocket connection error getscreen.me/signal/agent..09:04:17.420.INFO.Signaling force websocket stop..09:04:39.804.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:04:49.221.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):918
                                                        Entropy (8bit):4.9612282195096
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:07:04.953.INFO.Signaling force websocket stop..09:09:56.135.ERROR.Socket unable to read..09:09:56.155.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:09:56.155.ERROR.WebSocket connection error getscreen.me/signal/agent..09:10:56.165.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:10:56.601.INFO.Socket connected to getscreen.me:443..09:13:58.366.INFO.Signaling force websocket stop..09:13:58.798.ERROR.Socket unable to read..09:13:58.798.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:13:58.798.ERROR.WebSocket connection error getscreen.me/signal/agent..09:15:13.086.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:15:18.893.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.961298402667833
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:29:58.759.INFO.Signaling force websocket stop..12:30:01.318.ERROR.Socket unable to read..12:30:01.328.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:30:01.329.ERROR.WebSocket connection error getscreen.me/signal/agent..12:31:57.513.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:32:03.979.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):5.011673871784729
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:47:09.253.INFO.Signaling force websocket stop..15:47:12.642.ERROR.Socket unable to read..15:47:12.682.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:47:12.692.ERROR.WebSocket connection error getscreen.me/signal/agent..15:48:38.924.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:48:39.358.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.984704630253661
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:03:25.828.INFO.Signaling force websocket stop..19:03:27.256.ERROR.Socket unable to read..19:03:27.256.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:03:27.256.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1581
                                                        Entropy (8bit):4.968389268868103
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:19:40.580.INFO.Signaling force websocket stop..22:19:42.072.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:19:47.377.INFO.Socket connected to getscreen.me:443..22:22:46.939.INFO.Signaling force websocket stop..22:22:46.970.ERROR.Socket unable to read..22:22:46.970.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:22:46.970.ERROR.WebSocket connection error getscreen.me/signal/agent..22:23:50.567.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:23:50.579.INFO.Socket connected to getscreen.me:443..22:26:58.909.INFO.Signaling force websocket stop..22:26:58.940.ERROR.Socket unable to read..22:26:59.121.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:26:59.121.ERROR.WebSocket connection error getscreen.me/signal/agent..22:28:19.626.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3784
                                                        Entropy (8bit):4.9864382489774055
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:48:12.309.INFO.Signaling force websocket stop..01:48:17.896.ERROR.Socket unable to read..01:48:17.916.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:48:17.916.ERROR.WebSocket connection error getscreen.me/signal/agent..01:50:38.491.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:50:40.303.INFO.Socket connected to getscreen.me:443..01:52:52.450.INFO.Signaling force websocket stop..01:52:52.862.ERROR.Socket unable to read..01:52:52.862.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:52:52.862.ERROR.WebSocket connection error getscreen.me/signal/agent..01:54:42.394.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:54:44.374.INFO.Socket connected to getscreen.me:443..01:57:06.427.INFO.Signaling force websocket stop..01:57:06.458.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1341
                                                        Entropy (8bit):5.002714170449305
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:39:33.169.INFO.Signaling force websocket stop..05:39:42.326.ERROR.Socket unable to read..05:39:42.326.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:39:42.326.ERROR.WebSocket connection error getscreen.me/signal/agent..05:42:07.747.INFO.Signaling force websocket stop..05:42:24.518.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:42:37.391.INFO.Socket connected to getscreen.me:443..05:44:47.891.INFO.Signaling force websocket stop..05:44:55.683.ERROR.Socket unable to read..05:44:55.703.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:44:57.360.ERROR.WebSocket connection error getscreen.me/signal/agent..05:47:07.535.INFO.Signaling force websocket stop..05:48:11.268.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:48:21.528.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:06:27.143.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.949418365033298
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:21:12.923.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:22:15.472.INFO.Socket connected to getscreen.me:443..12:24:27.234.INFO.Signaling force websocket stop..12:24:27.555.ERROR.Socket unable to read..12:24:27.565.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:24:27.565.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1545
                                                        Entropy (8bit):5.003261598859851
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:40:12.594.INFO.Signaling force websocket stop..15:40:25.320.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:41:40.765.INFO.Socket connected to getscreen.me:443..15:42:39.239.INFO.Signaling force websocket stop..15:42:39.309.ERROR.Socket unable to read..15:42:39.349.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:42:39.349.ERROR.WebSocket connection error getscreen.me/signal/agent..15:45:04.587.INFO.Signaling force websocket stop..15:45:05.518.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:45:05.551.INFO.Socket connected to getscreen.me:443..15:47:29.795.INFO.Signaling force websocket stop..15:47:30.077.ERROR.Socket unable to read..15:47:30.077.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:47:30.077.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.796997545837856
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:08:22.860.INFO.Signaling force websocket stop..19:08:25.964.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:08:39.565.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.89178952751334
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:23:24.762.INFO.Signaling force websocket stop..22:23:30.045.ERROR.Socket unable to read..22:23:30.045.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:23:30.045.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.993008204106454
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:39:27.207.INFO.Signaling force websocket stop..01:39:51.485.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:39:56.194.INFO.Socket connected to getscreen.me:443..01:42:16.965.INFO.Signaling force websocket stop..01:42:17.275.ERROR.Socket unable to read..01:42:17.346.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:42:17.346.ERROR.WebSocket connection error getscreen.me/signal/agent..01:44:31.061.INFO.Signaling force websocket stop..01:44:54.533.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:45:02.148.INFO.Socket connected to getscreen.me:443..01:47:18.484.INFO.Signaling force websocket stop..01:47:18.856.ERROR.Socket unable to read..01:47:18.840.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:47:18.840.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.994614490170258
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:01:47.869.INFO.Signaling force websocket stop..05:03:59.524.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:04:05.759.INFO.Socket connected to getscreen.me:443..05:06:23.902.INFO.Signaling force websocket stop..05:06:23.933.ERROR.Socket unable to read..05:06:23.933.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:06:23.933.ERROR.WebSocket connection error getscreen.me/signal/agent..05:08:36.479.INFO.Signaling force websocket stop..05:08:47.201.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:08:56.662.INFO.Socket connected to getscreen.me:443..05:11:11.868.INFO.Signaling force websocket stop..05:11:13.482.ERROR.Socket unable to read..05:11:13.482.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:11:13.482.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.769009771599882
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:27:24.397.INFO.Signaling force websocket stop..08:27:27.761.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:27:40.104.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1229
                                                        Entropy (8bit):4.977069974619449
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:42:53.169.INFO.Signaling force websocket stop..11:42:58.431.ERROR.Socket unable to read..11:42:58.431.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:42:58.431.ERROR.WebSocket connection error getscreen.me/signal/agent..11:44:58.377.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:46:08.483.INFO.Socket connected to getscreen.me:443..11:47:12.423.INFO.Signaling force websocket stop..11:47:13.976.ERROR.Socket unable to read..11:47:14.026.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:47:14.026.ERROR.WebSocket connection error getscreen.me/signal/agent..11:49:13.144.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:49:22.811.INFO.Socket connected to getscreen.me:443..11:51:37.198.INFO.Signaling force websocket stop..11:51:40.153.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4044
                                                        Entropy (8bit):4.997715028242392
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:06:31.124.INFO.Signaling force websocket stop..15:08:19.458.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:08:28.832.INFO.Socket connected to getscreen.me:443..15:10:42.944.INFO.Signaling force websocket stop..15:10:45.559.ERROR.Socket unable to read..15:10:45.599.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:10:45.599.ERROR.WebSocket connection error getscreen.me/signal/agent..15:12:57.597.INFO.Signaling force websocket stop..15:14:30.874.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:14:41.844.INFO.Socket connected to getscreen.me:443..15:16:56.239.INFO.Signaling force websocket stop..15:16:57.091.ERROR.Socket unable to read..15:16:57.111.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:16:57.111.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2351
                                                        Entropy (8bit):4.995582028700794
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:01:54.687.INFO.Signaling force websocket stop..19:01:57.768.ERROR.Socket unable to read..19:01:57.768.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:01:57.768.ERROR.WebSocket connection error getscreen.me/signal/agent..19:03:20.572.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:04:21.044.INFO.Socket connected to getscreen.me:443..19:05:32.068.INFO.Signaling force websocket stop..19:05:32.359.ERROR.Socket unable to read..19:05:32.399.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:05:32.399.ERROR.WebSocket connection error getscreen.me/signal/agent..19:07:57.544.INFO.Signaling force websocket stop..19:08:04.773.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:08:13.987.INFO.Socket connected to getscreen.me:443..19:10:30.243.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.964361778230263
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:35:22.013.INFO.Signaling force websocket stop..22:35:25.294.ERROR.Socket unable to read..22:35:25.294.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:35:25.294.ERROR.WebSocket connection error getscreen.me/signal/agent..22:37:19.764.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:38:28.738.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.959686074059493
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:53:02.476.INFO.Signaling force websocket stop..01:53:05.446.ERROR.Socket unable to read..01:53:05.486.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:53:05.486.ERROR.WebSocket connection error getscreen.me/signal/agent..01:55:26.286.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:55:35.471.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.995849311467338
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:11:11.052.INFO.Signaling force websocket stop..05:11:14.320.ERROR.Socket unable to read..05:11:14.320.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:11:14.320.ERROR.WebSocket connection error getscreen.me/signal/agent..05:13:39.723.INFO.Signaling force websocket stop..05:14:17.238.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:14:47.589.INFO.Socket connected to getscreen.me:443..05:16:42.156.INFO.Signaling force websocket stop..05:16:42.597.ERROR.Socket unable to read..05:16:42.597.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:16:44.632.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:31:17.455.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:45:48.985.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1637
                                                        Entropy (8bit):4.982406023327798
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:02:05.613.INFO.Signaling force websocket stop..15:02:06.598.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:02:07.133.INFO.Socket connected to getscreen.me:443..15:04:32.289.INFO.Signaling force websocket stop..15:04:32.390.ERROR.Socket unable to read..15:04:32.390.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:04:32.390.ERROR.WebSocket connection error getscreen.me/signal/agent..15:06:49.421.INFO.Signaling force websocket stop..15:07:43.615.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:07:43.831.INFO.Socket connected to getscreen.me:443..15:10:08.903.INFO.Signaling force websocket stop..15:10:08.976.ERROR.Socket unable to read..15:10:08.976.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:10:08.976.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.934470196354042
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:30:52.609.INFO.Signaling force websocket stop..18:30:55.123.ERROR.Socket unable to read..18:30:55.153.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:30:55.153.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:45:35.069.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.958152867242106
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:01:07.109.INFO.Signaling force websocket stop..01:02:05.003.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:02:10.136.INFO.Socket connected to getscreen.me:443..01:04:29.362.INFO.Signaling force websocket stop..01:04:29.533.ERROR.Socket unable to read..01:04:29.563.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:04:29.563.ERROR.WebSocket connection error getscreen.me/signal/agent..01:06:43.004.INFO.Signaling force websocket stop..01:07:52.532.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:08:37.187.INFO.Socket connected to getscreen.me:443..01:10:17.452.INFO.Signaling force websocket stop..01:10:17.993.ERROR.Socket unable to read..01:10:18.023.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:10:18.023.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1561
                                                        Entropy (8bit):4.989331105114578
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:25:34.548.INFO.Signaling force websocket stop..04:26:32.101.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:26:41.281.INFO.Socket connected to getscreen.me:443..04:28:56.484.INFO.Signaling force websocket stop..04:29:00.771.ERROR.Socket unable to read..04:29:00.781.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:29:00.781.ERROR.WebSocket connection error getscreen.me/signal/agent..04:31:26.337.INFO.Signaling force websocket stop..04:31:48.795.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:32:59.977.INFO.Socket connected to getscreen.me:443..04:34:02.748.INFO.Signaling force websocket stop..04:34:03.680.ERROR.Socket unable to read..04:34:03.690.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:34:03.690.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):168
                                                        Entropy (8bit):4.787477987751323
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:10:41.455.INFO.Signaling force websocket stop..08:13:15.972.INFO.Signaling force websocket stop..08:15:41.451.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):177
                                                        Entropy (8bit):4.68464555822174
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:30:48.199.INFO.Signaling force websocket stop..11:34:39.184.INFO.Signaling force websocket stop..11:34:49.783.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.961138946280819
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:49:24.603.INFO.Signaling force websocket stop..14:49:27.479.ERROR.Socket unable to read..14:49:27.479.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:49:27.479.ERROR.WebSocket connection error getscreen.me/signal/agent..14:51:42.603.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:51:49.771.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.965173974558654
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:07:22.693.INFO.Signaling force websocket stop..18:07:24.773.ERROR.Socket unable to read..18:07:24.773.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:07:24.773.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4008
                                                        Entropy (8bit):5.0038194914183745
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:22:10.316.INFO.Signaling force websocket stop..21:23:35.341.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:24:03.864.INFO.Socket connected to getscreen.me:443..21:25:53.595.INFO.Signaling force websocket stop..21:25:53.976.ERROR.Socket unable to read..21:25:53.986.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:25:53.986.ERROR.WebSocket connection error getscreen.me/signal/agent..21:28:19.092.INFO.Signaling force websocket stop..21:29:05.038.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:29:16.426.INFO.Socket connected to getscreen.me:443..21:31:28.499.INFO.Signaling force websocket stop..21:31:29.090.ERROR.Socket unable to read..21:31:29.120.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:31:29.120.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2555
                                                        Entropy (8bit):4.986115394671996
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:19:37.224.INFO.Signaling force websocket stop..01:20:03.065.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:20:08.913.INFO.Socket connected to getscreen.me:443..01:22:28.551.INFO.Signaling force websocket stop..01:22:28.812.ERROR.Socket unable to read..01:22:28.842.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:22:28.842.ERROR.WebSocket connection error getscreen.me/signal/agent..01:24:33.614.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:25:41.263.INFO.Socket connected to getscreen.me:443..01:26:47.725.INFO.Signaling force websocket stop..01:26:47.775.ERROR.Socket unable to read..01:26:48.346.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:26:48.346.ERROR.WebSocket connection error getscreen.me/signal/agent..01:28:25.488.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:58:40.956.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.836346902739152
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:13:10.346.ERROR.Socket unable to read..08:14:11.428.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:14:11.428.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.686033716352762
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:28:48.321.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.71398611286606
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:43:28.872.INFO.Signaling force websocket stop..14:44:23.900.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:44:24.122.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.650319430638477
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:59:15.997.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.987472240653538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:13:56.821.ERROR.Socket unable to read..21:13:58.738.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:13:58.738.ERROR.WebSocket connection error getscreen.me/signal/agent..21:16:24.092.INFO.Signaling force websocket stop..21:17:09.358.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:17:19.636.INFO.Socket connected to getscreen.me:443..21:19:59.407.INFO.Signaling force websocket stop..21:21:02.160.ERROR.Socket unable to read..21:21:02.190.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:21:02.190.ERROR.WebSocket connection error getscreen.me/signal/agent..21:23:27.331.INFO.Signaling force websocket stop..21:24:38.701.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:24:38.913.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.95092273893265
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:39:25.226.INFO.Signaling force websocket stop..00:39:26.755.ERROR.Socket unable to read..00:39:26.755.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:39:26.755.ERROR.WebSocket connection error getscreen.me/signal/agent..00:40:59.031.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:40:59.268.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.929665531246689
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:56:52.107.INFO.Signaling force websocket stop..03:56:54.987.ERROR.Socket unable to read..03:56:55.007.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:56:55.007.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:11:43.704.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.768883146359868
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:26:43.308.INFO.Signaling force websocket stop..10:26:46.232.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:26:52.710.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.907430707613209
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:42:24.301.INFO.Signaling force websocket stop..13:42:27.000.ERROR.Socket unable to read..13:42:27.021.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:42:27.021.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.796792428289001
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:58:12.390.INFO.Signaling force websocket stop..16:58:12.441.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:59:17.983.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.987080434340991
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:14:34.955.INFO.Signaling force websocket stop..20:14:37.998.ERROR.Socket unable to read..20:14:37.998.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:14:37.998.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.767380663583118
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:30:09.104.INFO.Signaling force websocket stop..23:30:09.171.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:30:18.955.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5208
                                                        Entropy (8bit):4.990947849741721
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:45:49.890.INFO.Signaling force websocket stop..02:45:53.107.ERROR.Socket unable to read..02:45:53.107.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:45:53.107.ERROR.WebSocket connection error getscreen.me/signal/agent..02:48:18.564.INFO.Signaling force websocket stop..02:48:24.645.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:49:36.281.INFO.Socket connected to getscreen.me:443..02:50:38.808.INFO.Signaling force websocket stop..02:50:39.049.ERROR.Socket unable to read..02:50:39.099.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:50:41.308.ERROR.WebSocket connection error getscreen.me/signal/agent..02:52:13.931.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:52:20.641.INFO.Socket connected to getscreen.me:443..02:54:37.568.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2696
                                                        Entropy (8bit):5.004516628333087
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:55:39.277.INFO.Signaling force websocket stop..06:55:39.495.INFO.Socket connected to getscreen.me:443..06:55:47.698.ERROR.Socket unable to read..06:55:47.698.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:55:47.698.ERROR.WebSocket connection error getscreen.me/signal/agent..06:58:00.142.INFO.Signaling force websocket stop..06:58:58.089.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:59:02.815.INFO.Socket connected to getscreen.me:443..07:01:22.318.INFO.Signaling force websocket stop..07:01:22.599.ERROR.Socket unable to read..07:01:22.599.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:01:25.718.ERROR.WebSocket connection error getscreen.me/signal/agent..07:03:47.869.INFO.Signaling force websocket stop..07:04:55.201.INFO.Signaling start connection to
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2315
                                                        Entropy (8bit):4.99214470334945
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:38:08.864.ERROR.Socket unable to read..10:38:13.181.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:38:13.191.ERROR.WebSocket connection error getscreen.me/signal/agent..10:40:38.551.INFO.Signaling force websocket stop..10:41:53.440.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:42:03.729.INFO.Socket connected to getscreen.me:443..10:44:17.704.INFO.Signaling force websocket stop..10:44:18.035.ERROR.Socket unable to read..10:44:18.085.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:44:18.085.ERROR.WebSocket connection error getscreen.me/signal/agent..10:46:43.625.INFO.Signaling force websocket stop..10:46:59.322.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:46:59.553.INFO.Socket connected to getscreen.me:443..10:49:11.149.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.766891126964933
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:15:02.406.INFO.Signaling force websocket stop..14:15:48.956.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:15:53.899.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):5.010998570397077
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:31:13.293.INFO.Signaling force websocket stop..17:31:14.896.ERROR.Socket unable to read..17:31:14.896.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:31:14.896.ERROR.WebSocket connection error getscreen.me/signal/agent..17:33:22.944.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:33:25.831.INFO.Socket connected to getscreen.me:443..17:35:57.704.INFO.Signaling force websocket stop..17:35:57.724.ERROR.Socket unable to read..17:35:57.785.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:35:57.785.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.769896901730067
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:51:02.977.INFO.Signaling force websocket stop..20:52:06.815.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:52:09.052.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):918
                                                        Entropy (8bit):4.9255780605079496
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:08:52.561.INFO.Signaling force websocket stop..00:08:54.079.ERROR.Socket unable to read..00:08:54.080.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:08:54.080.ERROR.WebSocket connection error getscreen.me/signal/agent..00:10:32.474.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:11:34.076.INFO.Socket connected to getscreen.me:443..00:12:43.944.INFO.Signaling force websocket stop..00:12:44.105.ERROR.Socket unable to read..00:12:44.105.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:12:44.105.ERROR.WebSocket connection error getscreen.me/signal/agent..00:14:16.097.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:14:23.916.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.862939951618259
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:30:43.333.INFO.Signaling force websocket stop..03:30:47.893.ERROR.Socket unable to read..03:30:47.943.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:30:47.943.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.968984384157334
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:45:19.373.INFO.Signaling force websocket stop..06:46:47.190.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:46:56.559.INFO.Socket connected to getscreen.me:443..06:49:11.376.INFO.Signaling force websocket stop..06:49:11.507.ERROR.Socket unable to read..06:49:11.507.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:49:11.507.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):775
                                                        Entropy (8bit):4.9515891034885104
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:03:51.667.INFO.Signaling force websocket stop..10:06:20.433.INFO.Signaling force websocket stop..10:06:29.423.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:06:36.141.INFO.Socket connected to getscreen.me:443..10:08:53.663.INFO.Signaling force websocket stop..10:08:54.034.ERROR.Socket unable to read..10:08:54.064.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:08:54.074.ERROR.WebSocket connection error getscreen.me/signal/agent..10:11:18.970.INFO.Signaling force websocket stop..10:11:25.079.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:11:31.462.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1285
                                                        Entropy (8bit):4.994019233902042
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:26:23.156.INFO.Signaling force websocket stop..13:26:27.065.ERROR.Socket unable to read..13:26:27.065.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:26:27.065.ERROR.WebSocket connection error getscreen.me/signal/agent..13:28:36.294.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:29:47.470.INFO.Socket connected to getscreen.me:443..13:30:50.156.INFO.Signaling force websocket stop..13:30:50.436.ERROR.Socket unable to read..13:30:50.466.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:30:50.466.ERROR.WebSocket connection error getscreen.me/signal/agent..13:33:15.502.INFO.Signaling force websocket stop..13:33:24.980.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:33:34.264.INFO.Socket connected to getscreen.me:443..13:35:48.276.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        SSDEEP:3:KfwN3mXINF+WgIO0/Vyn:K62XIX+WgIJUn
                                                        MD5:3DDEED1358E1E3BBAB6FA11A757AC070
                                                        SHA1:91A427A3797675427E2256A403F4AA3E5FC78102
                                                        SHA-256:44ED4ABD98AEBEF3D3044EF734920AFD642EE1EDC67591B46BB4D1DB78FBBBB7
                                                        SHA-512:12458BC5D143C024C757026DA724C14E4B439DD3B6FB99D2A6C46139BD48CD8B12811D09611209FBFBF3110E160E001AFA1443BECCACCB832C93DB8B960165AC
                                                        Malicious:false
                                                        Preview:16:51:09.059.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.948153785540912
                                                        Encrypted:false
                                                        SSDEEP:12:FmRe2Ch+q+QtvvVX2RVjxQj8P40ZFK5bV2gRWQBCh++Xtvvn:FmRpG+q+QtvNmRVNDAg8bVzwQBG++Xt3
                                                        MD5:00463A726362AF6A9CEBA6FA9389EDA0
                                                        SHA1:2400BEE757CFD2DD1C0E910E8239721633F1848B
                                                        SHA-256:6D2CE3996EC8D644AD16C2B9F0259CF95A3B64D551BA5302DF5736C908C18614
                                                        SHA-512:0880312D452BDCEB228E3BE83BFA7F9234010ADC1B88CC6978E69E16090679E6A27739A73BEFC299C30D323BFB6898DBD8B491AE85DC60A44BD41F529EC76424
                                                        Malicious:false
                                                        Preview:20:05:58.361.INFO.Signaling force websocket stop..20:06:08.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:06:13.271.INFO.Socket connected to getscreen.me:443..20:08:32.164.INFO.Signaling force websocket stop..20:08:32.234.ERROR.Socket unable to read..20:08:32.254.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:08:32.254.ERROR.WebSocket connection error getscreen.me/signal/agent..20:10:44.743.INFO.Signaling force websocket stop..20:10:58.832.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:10:59.289.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1341
                                                        Entropy (8bit):5.0035369227604605
                                                        Encrypted:false
                                                        SSDEEP:24:ibo/dxDAIdib0s2fGImtvADmIlDArVb99GItvOMoJHDApcT:co/vDNkb0sbIKYiIlDEVbKoWHJHD6cT
                                                        MD5:6B0286DAC4992D8AD9F86B04D373DDC1
                                                        SHA1:07C4C72AA68B3CE6C192CCD155CC284A1EA6C5F3
                                                        SHA-256:5B72C74060CE001A5F2EC70A4A08013C7BE2A684D8B8DFCBFF47203B823820E3
                                                        SHA-512:28FE64F1EA104281B216E22B93C688E4B1663604FA3E9B9DD33616520845A31925190C3118ACCE1BB6690E1D826BAEB9DF4FB74F26A578FEBF958041546B7071
                                                        Malicious:false
                                                        Preview:23:27:29.658.INFO.Signaling force websocket stop..23:27:33.524.ERROR.Socket unable to read..23:27:33.534.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:27:33.534.ERROR.WebSocket connection error getscreen.me/signal/agent..23:29:58.496.INFO.Signaling force websocket stop..23:30:00.537.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:30:07.724.INFO.Socket connected to getscreen.me:443..23:32:15.941.INFO.Signaling force websocket stop..23:32:15.982.ERROR.Socket unable to read..23:32:15.982.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:32:16.898.ERROR.WebSocket connection error getscreen.me/signal/agent..23:34:41.468.INFO.Signaling force websocket stop..23:34:48.179.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:34:51.104.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.7404851370241845
                                                        Encrypted:false
                                                        SSDEEP:6:yXg5r2XIX+WgIJUlVI2XIXNLD4EQL7V+AN2dzvRWl8Rvvn:yXhvVI2Cha7V+Btvvn
                                                        MD5:AA4119CD0669CB3DC5D43E2FC40B7DF8
                                                        SHA1:9B3988D91526BD2E0775E1DF72E915D1A33028D2
                                                        SHA-256:A3D7B2B2EC78BC59542BD3044586AF2AA65C52C2FE5725285EDF468009F52327
                                                        SHA-512:B0BB3CB3716CDAA72FA8E2200269C3FA8BA1054DCAE30BFF859AF4C5C0085F86DF3685D47AD7FF7570CFB0748CA6F5F5643B517C0B6CC78845BC7E2F67A88C7C
                                                        Malicious:false
                                                        Preview:02:52:31.795.INFO.Signaling force websocket stop..02:53:05.251.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:53:09.050.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.916215160973443
                                                        Encrypted:false
                                                        SSDEEP:6:hP2XIX+WgIJUqMOud2M0CCQP5K0CEiDNBQEQ4:B2JQj8P40145T
                                                        MD5:498B107C2B9173D6975AFF6F7D55504E
                                                        SHA1:B0EC0BFB166CDF7056B940DC4666A9713610AAC0
                                                        SHA-256:41BD12AA1D99385B32F01A6A9148983FFFEF0BE6C010552F42AA7A946BF6E4F5
                                                        SHA-512:E18A3CB07E4759D83EBEEFB854009ADA7B0FF05EFE7E1D3D99CE42B3777AE345C850E62D107B1283ABA8C70504E3091EB9971B3E107283399F587C0CE471D509
                                                        Malicious:false
                                                        Preview:06:08:11.859.INFO.Signaling force websocket stop..06:09:15.470.ERROR.Socket unable to read..06:09:15.490.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:09:15.490.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.772505082983201
                                                        Encrypted:false
                                                        SSDEEP:6:4AeXIX+WgIJU2ucr2XIXNLD4EQ8kKr2dzvRWl8Rvvn:Teoucr2ChJkKitvvn
                                                        MD5:E6970E0346660A8122CC5290CFF1B6C0
                                                        SHA1:666EBE9DB4543E6AF22FA097D3481AB6C2421F3F
                                                        SHA-256:BA0DA2A6E98771565C8565561F617653925E67235E88615A84EA127EEA54A953
                                                        SHA-512:6FB3A67825159BDF303E0C2CDB8358BC1FB84B24D6BDA174AA7C39B53FD8F5B6AD5E0D856ACC6EB0FFAA95213A8E34E6AF136E6AA94FAE21B36EB72BE4FF930F
                                                        Malicious:false
                                                        Preview:09:24:47.970.INFO.Signaling force websocket stop..09:25:00.636.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:25:04.915.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.9613250764483565
                                                        Encrypted:false
                                                        SSDEEP:12:kJK6nzQj8P40RE5ssXChstvvZN2K+898xQj8P40V8K5T:E7nzDAew9Gstv2kKxDA3iT
                                                        MD5:466714A226A6EC08A9787BE1B2961038
                                                        SHA1:D5BD8A5EC6E886714BFA2ED28EE6F11225286C8F
                                                        SHA-256:4535364B6597B530250DE1F0631EC5FA3EB8C3A473E055ACDCE5E50E0D20B305
                                                        SHA-512:0F69DC822B55C6ABB7D918FBC48683E461F0EC4F8167BCDA1D61A0023F084590822AC11729AB18842C21ED70F6B09B64D0D3FC6F26D65C3CB613BD8C32A37DD9
                                                        Malicious:false
                                                        Preview:12:41:07.270.INFO.Signaling force websocket stop..12:41:10.320.ERROR.Socket unable to read..12:41:10.320.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:41:10.320.ERROR.WebSocket connection error getscreen.me/signal/agent..12:42:20.163.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:42:22.851.INFO.Socket connected to getscreen.me:443..12:45:17.257.INFO.Signaling force websocket stop..12:45:17.278.ERROR.Socket unable to read..12:45:17.278.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:45:17.278.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):139
                                                        Entropy (8bit):4.77010287404271
                                                        Encrypted:false
                                                        SSDEEP:3:KfTG2XINF+WgIO0/VyUkRUL4s2XINFDhL1JDEELD8Kru5:KbG2XIX+WgIJUUV4s2XIXNLD4EQh
                                                        MD5:BD2C19769DDE3EFB181475566A106A98
                                                        SHA1:922B85255DA2462004B69D6E295F61AF34E2FBC6
                                                        SHA-256:EC9D4354993EDFC38EC2BB5997540EEBC0CF335F95FF487D707BEDEE83709160
                                                        SHA-512:354120985FD613A238EDE95E74A9F1B74ED91EE702E909CB69221D5CB6FD120484FB873020BBC901B08A66125A0B490E1B7567CE185D54ED123BFE0DDD41F7D7
                                                        Malicious:false
                                                        Preview:16:01:38.124.INFO.Signaling force websocket stop..16:01:41.477.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5446
                                                        Entropy (8bit):5.011039162239924
                                                        Encrypted:false
                                                        SSDEEP:96:9GjY8q3bANLrGZwgAgbd5P5e+N+yl/+WnY:9GjY8q3bANLrGugAId5P5e+NV/RnY
                                                        MD5:40C9DDC071D59F675772165E072AA535
                                                        SHA1:6282CE1491FD9FD514B3EB94877C3D3DF278FD07
                                                        SHA-256:6E59FCEF3A5BF652DD4868FB4C97F1BFB1992A4823226CA5C28B8994244E21F0
                                                        SHA-512:20F62D0478C7DD320D0B38BF5E7E3FECDF2162E3149B0AA821509352EC2C8F308CAE30373AC9B0A053DE6B2A9A9C1172E6905A664B29181B3E05392B9FE4E9C6
                                                        Malicious:false
                                                        Preview:19:16:20.258.INFO.Socket connected to getscreen.me:443..19:16:20.452.INFO.Signaling force websocket stop..19:16:24.261.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:16:24.271.ERROR.WebSocket connection error getscreen.me/signal/agent..19:17:52.787.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:17:53.029.INFO.Socket connected to getscreen.me:443..19:20:53.634.INFO.Signaling force websocket stop..19:20:53.916.ERROR.Socket unable to read..19:20:53.916.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:20:53.916.ERROR.WebSocket connection error getscreen.me/signal/agent..19:23:19.048.INFO.Signaling force websocket stop..19:23:23.999.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:23:26.224.INFO.Socket connected to getscreen.me:443..19:25:49.102
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3191
                                                        Entropy (8bit):4.994108730479632
                                                        Encrypted:false
                                                        SSDEEP:48:hadDDb5YaIlDBbWbdauDXbWvQcbDZb55545apwDibOr9RD7b4YY+kMjDiAT:2Nijy5QQINb4QW3L/T
                                                        MD5:7D76BBC073019B385F4A318D8E9A9CEB
                                                        SHA1:4A9EE647333BEC68385435918E963DCB1AE2C3DA
                                                        SHA-256:F519B93210AED2D087F37D849C815F7E84FED0BCD970504217681D26CBB8D883
                                                        SHA-512:ADC3DF94DB1540C602ADA474FF8C8D2356D6CE14D5C3E8A5B23779FE3A1C366490E8B343C1A0B0BEF6E62E43BEB67E8775C696C1025C4936BBE2D3CAB0995B25
                                                        Malicious:false
                                                        Preview:23:30:37.414.INFO.Signaling force websocket stop..23:30:38.410.INFO.Socket connected to getscreen.me:443..23:30:50.801.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:30:50.831.ERROR.WebSocket connection error getscreen.me/signal/agent..23:32:42.332.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:33:07.646.INFO.Socket connected to getscreen.me:443..23:35:06.157.INFO.Signaling force websocket stop..23:35:06.568.ERROR.Socket unable to read..23:35:06.618.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:35:06.628.ERROR.WebSocket connection error getscreen.me/signal/agent..23:37:07.234.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:38:16.176.INFO.Socket connected to getscreen.me:443..23:39:20.902.INFO.Signaling force websocket stop..23:39:20.952
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.968983918939504
                                                        Encrypted:false
                                                        SSDEEP:12:OTr2VChqKtvvBobNAQj8P40M5HYATFChTXotvvn:OTiVGqKtvpo2DAVHYyGT4tvv
                                                        MD5:EA66EA80EE661FD968DE1003FD3D5F75
                                                        SHA1:5FE401EA9635A11D7F0637E4D7F9427D58CB38C7
                                                        SHA-256:51E053D726A4B9B226BE1688E203D25895FFFC06020BF9BB6C715119FB118384
                                                        SHA-512:70C87611889F3DC5E4735CB0AF3AFDA50EC5F6C30C19FEDF0F945E4FB6B99E440BF104C59B40725A401E61F2F7B15F4D58456F0E8801DC84D05B55C238D3285C
                                                        Malicious:false
                                                        Preview:03:14:17.074.INFO.Signaling force websocket stop..03:16:08.072.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:16:14.120.INFO.Socket connected to getscreen.me:443..03:18:31.688.INFO.Signaling force websocket stop..03:18:39.766.ERROR.Socket unable to read..03:18:39.776.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:18:39.776.ERROR.WebSocket connection error getscreen.me/signal/agent..03:21:05.041.INFO.Signaling force websocket stop..03:22:12.431.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:22:42.505.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.988889110508855
                                                        Encrypted:false
                                                        SSDEEP:12:FTeX7Pq0PqOQj8P4017Pqn5tEUMbCcHmCheOXXtvvB4mwF4Qj8P401w/5T:pa7S0SODAA7S5tEzbCsmGeStvlfDAAuT
                                                        MD5:6587D295499B9A12E7AE1A63EF6CEF16
                                                        SHA1:4D2EA32FA64A43F6478859FB1967DFEE250DA7D8
                                                        SHA-256:EFA5C33125CE1C1BCC2A3F071E989A035C2732709684B7A65E9E3A55191AF9C4
                                                        SHA-512:B4C758021086B9FD55AA281DC385F8705C3AE88F1065DFB2747AC7185904AD5F3254E8A956340591CC0371CD7071B2EB80BA3D6A9BF779CD26D5AA1EC95DE40A
                                                        Malicious:false
                                                        Preview:06:38:50.691.INFO.Signaling force websocket stop..06:39:00.967.ERROR.Socket unable to read..06:39:00.967.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:39:00.967.ERROR.WebSocket connection error getscreen.me/signal/agent..06:41:13.490.INFO.Signaling force websocket stop..06:42:41.968.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:42:45.142.INFO.Socket connected to getscreen.me:443..06:45:07.421.INFO.Signaling force websocket stop..06:45:12.530.ERROR.Socket unable to read..06:45:12.530.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:45:14.361.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.6637995646056805
                                                        Encrypted:false
                                                        SSDEEP:3:MfXFCr2XINF+WgIO0/Vyn:MvQr2XIX+WgIJUn
                                                        MD5:3A5D924FBD8F1DA6B100721A03B148E7
                                                        SHA1:4020C090352F3AC377A63E26F4C89EE32580663F
                                                        SHA-256:2DFB0AD8241AE69661B85C9241BED29EFA57B5A91C2322FED45BAE50F354BCF4
                                                        SHA-512:9A89CD17ACAA2800D09D2D6D80BC718045C85448620EAC7481AE384CDEF84804F819ABDC58028D0B2EA73BB97DFF48418BC327B7C9C19EE8A9BAA29E0FE07C6C
                                                        Malicious:false
                                                        Preview:10:00:01.387.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.997329361047013
                                                        Encrypted:false
                                                        SSDEEP:6:iGdN2XIX+WgIJUUxHX2XIXNLD4EQeUlVdzvRWl8RvvP8Xt2XIX+WgIJUUyMNud2o:ZdQKxHX2Ch3U/tvvP8Xt2KEQj8P40n5T
                                                        MD5:902C8AB83C876F1FD7ADCF69C6FFB98D
                                                        SHA1:394A01911AC71624562EAE299D9A6D7662B295AA
                                                        SHA-256:FFBA80A21C47EC39C19E8B3691217F6515F4A29841EA7A4192F97A232B118870
                                                        SHA-512:AF5E831B0C08618951C1906D8CBD6607C99912CD61289E84964F254FC11967572B1899393B167D8573061062670152D94DB69B74338F20AAE5E1AB448B52FF50
                                                        Malicious:false
                                                        Preview:13:14:44.638.INFO.Signaling force websocket stop..13:14:55.804.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:15:20.490.INFO.Socket connected to getscreen.me:443..13:17:21.204.INFO.Signaling force websocket stop..13:17:21.978.ERROR.Socket unable to read..13:17:21.978.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:17:21.978.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.727059278832224
                                                        Encrypted:false
                                                        SSDEEP:6:KbXIX+WgIJUURlNXIXNLD4EQDiVtr2dzvRWl8Rvvn:IKZCh4iDr2tvvn
                                                        MD5:87B27133776BE8DF8C5B403CBA643DEB
                                                        SHA1:9D1DF29F2CD0BEB443742C35C623E218E8DE3347
                                                        SHA-256:2746EDB690548C660607A8C811461A521CB7F328B29285F5E7D859AAE570A4C0
                                                        SHA-512:54A5732E4137DD199269BD77734E6FB7BE09C44FE28A66AD062C05802D15A19620D4D3CBAAA6A72F1685F2248ECE33E45A7DA5C5A643BA7236DB7DD2935755D1
                                                        Malicious:false
                                                        Preview:16:33:45.963.INFO.Signaling force websocket stop..16:33:48.403.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:34:10.004.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.981510119202369
                                                        Encrypted:false
                                                        SSDEEP:6:2as2XIX+WgIJUURzbEMuzbEud2M0CCQP5K0CxzbADNBQEQBJHs2XIXNLD4EQgejE:JXKNgRQj8P404q5U5XChh8mtvvn
                                                        MD5:A672732C407AB3F0E5A913FC351ECC06
                                                        SHA1:73A87BFD4D58DFE1F8B8FAC1C6B65F75FCDC1B58
                                                        SHA-256:AB3EB95CE4A92B1F0957B53BD6138245775CD8BAF5F033338E53E82C72079162
                                                        SHA-512:5E63A7E1361AF4CBD94CFADEBECEE30FBF5D89CBE8CA7FA6F7520C2DF73CDAA2A6D00847FD9E683B8C142BF8DFB5D947F2D2BE940A714D9849D8C82AB83112A9
                                                        Malicious:false
                                                        Preview:19:49:52.755.INFO.Signaling force websocket stop..19:49:55.884.ERROR.Socket unable to read..19:49:55.884.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:49:55.884.ERROR.WebSocket connection error getscreen.me/signal/agent..19:51:58.667.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:52:05.402.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.991075191254547
                                                        Encrypted:false
                                                        SSDEEP:12:kYwjQj8P40v5bgXCh+5tvvIQYFCFRQj8P40Yq5T:k1DAEbgXG+5tvROgRDAJCT
                                                        MD5:87214A6880B04775F5C393229FDF0C4A
                                                        SHA1:149A83CD8916002D3B819A22D68826689758BDA4
                                                        SHA-256:9888971B061BEC5DC4EAB7088E23FEBC9D354BF19AFFB982A1162C031316B8B0
                                                        SHA-512:CC04961AFE0C3FD727AA804DCC80FB20BB1C2B7FE2A19DE3DEC1062310DB364304E1B5385848136C19FFEBDCDD32339E6DA4865F29A2321FC8E82761CC1005C7
                                                        Malicious:false
                                                        Preview:23:06:59.469.INFO.Signaling force websocket stop..23:07:02.328.ERROR.Socket unable to read..23:07:02.368.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:07:02.368.ERROR.WebSocket connection error getscreen.me/signal/agent..23:08:30.969.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:09:35.913.INFO.Socket connected to getscreen.me:443..23:10:44.805.INFO.Signaling force websocket stop..23:10:44.887.ERROR.Socket unable to read..23:10:44.887.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:10:44.887.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.6637995646056805
                                                        Encrypted:false
                                                        SSDEEP:3:1NeVXXINF+WgIO0/Vyn:PehXIX+WgIJUn
                                                        MD5:4EC61F6AB64837040C87CA1CAD8DF158
                                                        SHA1:6A4E49598AEC186CD5BFC9B2F039E44820FC1229
                                                        SHA-256:17A10D2A793A6B057FB4A877497101A31466FAB42A2B36A3D43E24C3CF153F98
                                                        SHA-512:36270CAE39C077DF2103391F0754CE0F54F1C70E0ED6BCAF8CC6AD342E29D45B0CFF1932F71681DF6912A36EF49378716012B224788797A170A67E628B58D1E5
                                                        Malicious:false
                                                        Preview:02:25:35.922.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.9670220293360705
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:41:03.157.INFO.Signaling force websocket stop..05:41:53.911.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:42:04.860.INFO.Socket connected to getscreen.me:443..05:44:18.779.INFO.Signaling force websocket stop..05:44:19.080.ERROR.Socket unable to read..05:44:19.120.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:44:19.120.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.987234016572447
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:59:57.122.INFO.Signaling force websocket stop..09:01:10.247.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:01:17.852.INFO.Socket connected to getscreen.me:443..09:03:41.361.INFO.Signaling force websocket stop..09:03:41.633.ERROR.Socket unable to read..09:03:41.663.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:03:41.673.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.686033716352762
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:18:32.718.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.9875532468945005
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:33:52.774.INFO.Signaling force websocket stop..15:35:06.942.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:35:09.215.INFO.Socket connected to getscreen.me:443..15:37:30.490.INFO.Signaling force websocket stop..15:37:30.661.ERROR.Socket unable to read..15:37:30.661.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:37:30.661.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:52:44.991.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.763077523590091
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:21:51.498.INFO.Signaling force websocket stop..01:21:51.866.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:21:56.861.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.958460086608252
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:37:18.810.INFO.Signaling force websocket stop..04:37:20.649.ERROR.Socket unable to read..04:37:20.649.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:37:20.649.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.964022986977681
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:51:59.184.INFO.Signaling force websocket stop..07:53:09.370.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:53:09.832.INFO.Socket connected to getscreen.me:443..07:55:33.057.INFO.Signaling force websocket stop..07:55:33.188.ERROR.Socket unable to read..07:55:33.188.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:55:33.188.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.954353457936728
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:10:16.926.INFO.Signaling force websocket stop..11:11:00.954.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:11:06.328.INFO.Socket connected to getscreen.me:443..11:13:26.133.INFO.Signaling force websocket stop..11:13:26.204.ERROR.Socket unable to read..11:13:26.244.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:13:26.244.ERROR.WebSocket connection error getscreen.me/signal/agent..11:15:39.344.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1545
                                                        Entropy (8bit):4.975550652567821
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:30:36.134.INFO.Signaling force websocket stop..14:31:00.160.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:31:09.574.INFO.Socket connected to getscreen.me:443..14:33:25.120.INFO.Signaling force websocket stop..14:33:25.200.ERROR.Socket unable to read..14:33:25.240.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:33:25.240.ERROR.WebSocket connection error getscreen.me/signal/agent..14:35:50.383.INFO.Signaling force websocket stop..14:37:16.195.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:37:27.637.INFO.Socket connected to getscreen.me:443..14:39:39.402.INFO.Signaling force websocket stop..14:39:40.033.ERROR.Socket unable to read..14:39:40.043.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:39:40.043.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.731091450553267
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:01:11.336.INFO.Signaling force websocket stop..18:01:13.087.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:01:21.207.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1744
                                                        Entropy (8bit):4.9948608365054685
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:17:23.685.INFO.Signaling force websocket stop..21:17:26.154.ERROR.Socket unable to read..21:17:26.154.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:17:26.154.ERROR.WebSocket connection error getscreen.me/signal/agent..21:19:41.876.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:20:44.355.INFO.Socket connected to getscreen.me:443..21:21:55.707.INFO.Signaling force websocket stop..21:21:55.778.ERROR.Socket unable to read..21:21:55.778.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:21:55.778.ERROR.WebSocket connection error getscreen.me/signal/agent..21:23:44.553.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:23:47.242.INFO.Socket connected to getscreen.me:443..21:26:09.234.INFO.Signaling force websocket stop..21:26:10.637.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.936641684622973
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:48:53.406.INFO.Signaling force websocket stop..00:50:09.156.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:50:16.309.INFO.Socket connected to getscreen.me:443..00:52:34.112.INFO.Signaling force websocket stop..00:52:34.383.ERROR.Socket unable to read..00:52:34.413.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:52:34.413.ERROR.WebSocket connection error getscreen.me/signal/agent..00:54:48.037.INFO.Signaling force websocket stop..00:55:57.082.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:55:57.771.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.9403221316151065
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:11:28.252.INFO.Signaling force websocket stop..04:11:30.372.ERROR.Socket unable to read..04:11:30.372.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:11:30.372.ERROR.WebSocket connection error getscreen.me/signal/agent..04:13:01.379.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:13:03.642.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.954456509444791
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:28:03.341.INFO.Signaling force websocket stop..07:28:04.945.ERROR.Socket unable to read..07:28:04.945.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:28:04.945.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2143
                                                        Entropy (8bit):4.990920719084421
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:44:13.025.INFO.Signaling force websocket stop..10:44:13.884.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:45:14.488.INFO.Socket connected to getscreen.me:443..10:47:39.543.INFO.Signaling force websocket stop..10:47:39.734.ERROR.Socket unable to read..10:47:39.734.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:47:39.734.ERROR.WebSocket connection error getscreen.me/signal/agent..10:50:01.211.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:51:03.028.INFO.Socket connected to getscreen.me:443..10:52:15.135.INFO.Signaling force websocket stop..10:52:15.596.ERROR.Socket unable to read..10:52:16.258.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:52:16.268.ERROR.WebSocket connection error getscreen.me/signal/agent..10:54:41.516.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):464
                                                        Entropy (8bit):4.995122981095206
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:24:37.550.INFO.Signaling force websocket stop..14:24:41.706.INFO.Socket connected to getscreen.me:443..14:24:52.705.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:24:52.919.ERROR.WebSocket connection error getscreen.me/signal/agent..14:27:17.072.INFO.Signaling force websocket stop..14:28:52.459.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5567
                                                        Entropy (8bit):5.01092918540955
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:43:41.638.INFO.Signaling force websocket stop..17:43:42.009.INFO.Socket connected to getscreen.me:443..17:43:55.789.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:43:55.789.ERROR.WebSocket connection error getscreen.me/signal/agent..17:46:41.045.INFO.Signaling force websocket stop..17:48:42.117.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:48:51.493.INFO.Socket connected to getscreen.me:443..17:51:07.174.INFO.Signaling force websocket stop..17:51:07.615.ERROR.Socket unable to read..17:51:07.616.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:51:08.725.ERROR.WebSocket connection error getscreen.me/signal/agent..17:53:33.425.INFO.Signaling force websocket stop..17:54:01.551.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:54:31.048.INFO.Soc
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):918
                                                        Entropy (8bit):4.990296236746017
                                                        Encrypted:false
                                                        SSDEEP:24:pcsWpWkDADWbbThG5amtv/DbejDAnAb+iGytvv:ps4kDNbbY5aKDKDpb+DW3
                                                        MD5:79C665369B072B7B2761D125C94712DC
                                                        SHA1:CBA28C8C9F5C2511CB21B68AA95EB03CA0EA0183
                                                        SHA-256:C0641C4ED9F4683E38BF1249CD73E87B3AC32DC00F2F436818DB2759DA2247F7
                                                        SHA-512:65807A86C5A6BF534A2E604919E1E901F02C41DDFF02534620F9843416FE8890FAD4C8A1FE56706C4151284704E365053417C4CCC58FE89677031DA2730CEF27
                                                        Malicious:false
                                                        Preview:21:59:30.431.INFO.Signaling force websocket stop..21:59:33.761.ERROR.Socket unable to read..21:59:33.761.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:59:33.761.ERROR.WebSocket connection error getscreen.me/signal/agent..22:01:35.594.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:02:38.087.INFO.Socket connected to getscreen.me:443..22:03:49.524.INFO.Signaling force websocket stop..22:03:49.604.ERROR.Socket unable to read..22:03:49.645.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:03:49.645.ERROR.WebSocket connection error getscreen.me/signal/agent..22:05:30.478.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:05:39.893.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.94509524789847
                                                        Encrypted:false
                                                        SSDEEP:6:gH2XIX+WgIJU+/VkEMofXVkEud2M0CCQP5K0CLVkADNBQEQYGgQXIXNLD4EQI4m5:y2gO6ORQj8P40WWq5kgQChsmtvvn
                                                        MD5:56995D18753142848E8525CE7BD96A13
                                                        SHA1:1BB62AE742709C834DCFFC15DE3BE6E192AF809B
                                                        SHA-256:A62CBDC09FDEA8AAEDFE6C05777A4E724814AC0DBD2989D24DB124A080124006
                                                        SHA-512:C9F427960CC49BF8982FAB8415C94AC25B787F9736AF700F60A668D0A8B9EC41FCE23DBEDAF74EF146B6BC7F77FD187B78DD2AF56507FBA6E825B7EA3E6C587B
                                                        Malicious:false
                                                        Preview:01:22:10.731.INFO.Signaling force websocket stop..01:22:16.682.ERROR.Socket unable to read..01:22:16.682.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:22:16.682.ERROR.WebSocket connection error getscreen.me/signal/agent..01:23:11.990.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:24:15.203.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.981852151322697
                                                        Encrypted:false
                                                        SSDEEP:12:zTjkQj8P40A5ZXCheOtvv1wmV46Qj8P40fb5T:/jkDAZZXGeOtvNfV46DAQtT
                                                        MD5:689308FC7D479B9DB0B11C98D6BFC8C4
                                                        SHA1:D98387128C6AF3EAF7A97687A1930B2CF2FE36A6
                                                        SHA-256:3E1E6C9A6ECF84EAFDAA1498B7F309502EE8F550E8B9B99D94883E028430105C
                                                        SHA-512:37AAC9F42BFCEF5A48682A665A8B006C0F36419833FB82CA30C9219BA7FF52233E689B1DACB219D29291607B3FB3E5C14417BACBE171475D165A60D4C9A535A9
                                                        Malicious:false
                                                        Preview:04:38:50.692.INFO.Signaling force websocket stop..04:38:53.611.ERROR.Socket unable to read..04:38:53.621.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:38:53.621.ERROR.WebSocket connection error getscreen.me/signal/agent..04:40:28.498.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:40:32.113.INFO.Socket connected to getscreen.me:443..04:42:52.727.INFO.Signaling force websocket stop..04:42:53.328.ERROR.Socket unable to read..04:42:53.328.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:42:53.328.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.79829491106575
                                                        Encrypted:false
                                                        SSDEEP:6:SQgXXIX+WgIJU4MR2XIXNLD4EQP2dzvRWl8Rvvn:SbT2ChFtvvn
                                                        MD5:9B454049C57B098DBC0DA100936EB15A
                                                        SHA1:2FDC0BB44CE2F61983A4EADD7853CE5166D9E532
                                                        SHA-256:B9BD4D81E96D27B14765E7E495728A642617F24252E429D51ECF81C36B1F93DA
                                                        SHA-512:88E2B014A4BE205374749BC9ED19C6DAD71C7778A2B533EC31E80D43F635FD74151659D04853FFBCD269D7D57B37A803739E8B4CAE4C94DC5748E5E13924C736
                                                        Malicious:false
                                                        Preview:07:57:36.538.INFO.Signaling force websocket stop..07:58:39.606.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:58:45.218.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1030
                                                        Entropy (8bit):4.9795962586066
                                                        Encrypted:false
                                                        SSDEEP:24:O2YSu6SlDAdSOq1wGDtvPXXDAkVAGHtvTEr5:OZHDkAJHHDTVdNbu
                                                        MD5:FD7BD0DB319E9309A2587844DA291394
                                                        SHA1:EA1764ED05CE46F671AC6CAE3A772E24E64CA18E
                                                        SHA-256:6275D75C59629A62E503C0AA01416B77E31FE7EC627E0B22A55E5EE826B5BC52
                                                        SHA-512:C61F59DD402D99A81FCAD1F39FA370EE17F0FF018B5412B2C9C6D91D43AABE9D02406995B57ACAE1F23A2B796F8B8E8040CC1860462296C42019C0776B1E07B2
                                                        Malicious:false
                                                        Preview:11:13:46.966.INFO.Signaling force websocket stop..11:14:00.765.ERROR.Socket unable to read..11:14:00.795.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:14:00.795.ERROR.WebSocket connection error getscreen.me/signal/agent..11:16:14.914.INFO.Signaling force websocket stop..11:17:17.374.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:17:22.543.INFO.Socket connected to getscreen.me:443..11:19:41.837.INFO.Signaling force websocket stop..11:19:42.188.ERROR.Socket unable to read..11:19:42.238.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:19:44.700.ERROR.WebSocket connection error getscreen.me/signal/agent..11:21:53.588.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:21:59.391.INFO.Socket connected to getscreen.me:443..11:24:18.142.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):862
                                                        Entropy (8bit):4.947787767996665
                                                        Encrypted:false
                                                        SSDEEP:12:I1osdxQj8P40Km5gChutvv0KI6Qj8P402b5S2Ch8jl2tvvn:+vDAMgGutvsSDAXxG8x2tvv
                                                        MD5:5175CBB4856571309677077A0BCD3A61
                                                        SHA1:DB19CAB78ADF86BFA8FF96590DFEB45596492401
                                                        SHA-256:172813C8EEF7E46A54E542ECEC2A6278CC5DBC92CC41E6BEEF393F4837B8B817
                                                        SHA-512:37DE9B60E61FE2159FE5204A422F383B820A530357CF06DF611989B3C8917DFE8CF4628EDFDC9B5D2DC29BA7C48CA81A653D01ECD562E614F37DA1D91C4FD897
                                                        Malicious:false
                                                        Preview:14:38:45.904.ERROR.Socket unable to read..14:38:50.073.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:38:50.093.ERROR.WebSocket connection error getscreen.me/signal/agent..14:40:55.032.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:42:03.795.INFO.Socket connected to getscreen.me:443..14:43:09.148.INFO.Signaling force websocket stop..14:43:09.448.ERROR.Socket unable to read..14:43:09.469.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:43:09.469.ERROR.WebSocket connection error getscreen.me/signal/agent..14:44:59.970.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:45:04.226.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.945607702207769
                                                        Encrypted:false
                                                        SSDEEP:6:E9rkiXIX+WgIJUUEkMBjEud2M0CCQP5K0CkjADNBQEQKsXXIXNLD4EQn2dzvRWlG:E9rkiKgRQj8P40fq5aChO2tvvn
                                                        MD5:6F30899F1CD816A4494FDF34F7E3B3C0
                                                        SHA1:D13BCDE2BC1780F7548B34D7746E004F134395F7
                                                        SHA-256:89975DBC29374AED7ADE37441820AB8BE3B11EA863E427B4FB432A95CF865E16
                                                        SHA-512:BF04B08772CC4F0A76CB8E63D08F89166B9E9FE8F0FD27EF3812914E318664BAFB66F9186408A6781BA827622BCFE06D9ECE3644E59108A4078D0991900B7429
                                                        Malicious:false
                                                        Preview:18:01:08.949.INFO.Signaling force websocket stop..18:01:13.329.ERROR.Socket unable to read..18:01:13.369.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:01:13.369.ERROR.WebSocket connection error getscreen.me/signal/agent..18:02:42.410.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:02:42.610.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.940757400564407
                                                        Encrypted:false
                                                        SSDEEP:6:VyiXIX+WgIJUEM9kMCM9kud2M0CCQP5K0C662DNBQEQad32XIXNLD4EQNmidzvRB:ci57xQj8P40YU5bd32Chytvvn
                                                        MD5:323D1DAA8CF7ABCC9FFA968B00A4346D
                                                        SHA1:5BFF30679FEE46E4745B1B2A761371F9ADAED6EA
                                                        SHA-256:0574941360C88B062D5040E7F48BD1F575CEF40B8DE68BD81825A509F941204E
                                                        SHA-512:ABEE0DE504AEA5402E6F031D929F399F83B1D49477BF155B98F2D9C74A1F50D58FE8CB803DC1C6B6EF62FB52E3BBBCBEFEA6EBCB2CA6ED9D87B4E19992EFE96B
                                                        Malicious:false
                                                        Preview:21:17:52.292.INFO.Signaling force websocket stop..21:17:52.550.ERROR.Socket unable to read..21:17:52.550.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:17:52.551.ERROR.WebSocket connection error getscreen.me/signal/agent..21:19:20.904.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:19:21.593.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1229
                                                        Entropy (8bit):4.9176322217102575
                                                        Encrypted:false
                                                        SSDEEP:24:oYxDAmAGF2tvAK6rKDADd0Gd2tvfZDAoK5T:o+D/dI9DopQZDU5T
                                                        MD5:AFA02F6599F5DCE25E89C90895393802
                                                        SHA1:AB412CD23A2FC800E687D28C21AEFBFF35CB6CE7
                                                        SHA-256:40ED3D3763D9F12A3B379AA9483F583E549E5A8ACE93E7357ADA559CC2A18F17
                                                        SHA-512:8AB4366FC3EB3C12396C0F5DDB66A15213500B0FEAA2087AC43362070F73B6A9611A7BBA8DE945299950DFC53F9CCA053EF08FE466BCFA7B48F3B39E29FE6B73
                                                        Malicious:false
                                                        Preview:00:33:58.895.INFO.Signaling force websocket stop..00:34:00.554.ERROR.Socket unable to read..00:34:00.554.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:34:00.554.ERROR.WebSocket connection error getscreen.me/signal/agent..00:35:46.758.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:35:47.459.INFO.Socket connected to getscreen.me:443..00:38:06.729.INFO.Signaling force websocket stop..00:38:06.890.ERROR.Socket unable to read..00:38:06.890.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:38:06.890.ERROR.WebSocket connection error getscreen.me/signal/agent..00:40:08.604.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:40:08.618.INFO.Socket connected to getscreen.me:443..00:43:08.657.INFO.Signaling force websocket stop..00:43:08.738.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1637
                                                        Entropy (8bit):4.970957043135421
                                                        Encrypted:false
                                                        SSDEEP:24:OMUG6aXtvWmADAxBG0REtvDXvWRDA+CzGiitvz29DA2e12NFG+aXtvv:OG6adOlDIM0RkDcDqKFLcDHe1Mo+a3
                                                        MD5:18EB37FB1D0063BAB3E7562945AD3666
                                                        SHA1:A1AAD5AA4459CF5FE348E658DDDD28A73DD12021
                                                        SHA-256:8E43F5BE313C107EC08DC73D97A9D46FBD94537156D6AE5AD3EE3B19076701C1
                                                        SHA-512:8EBE12C62C484C5AE74DDBA5E55B094085B086B70958930EA4550A48B58FA9A50CB312E9BA510CB0FDE95E57791A8E12AA5B9918EBB1FD6410E43BDA2A59C11F
                                                        Malicious:false
                                                        Preview:03:58:29.093.INFO.Signaling force websocket stop..03:58:45.090.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:58:49.355.INFO.Socket connected to getscreen.me:443..04:01:09.245.INFO.Signaling force websocket stop..04:01:09.566.ERROR.Socket unable to read..04:01:09.606.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:01:09.606.ERROR.WebSocket connection error getscreen.me/signal/agent..04:02:49.231.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:02:53.448.INFO.Socket connected to getscreen.me:443..04:05:13.567.INFO.Signaling force websocket stop..04:05:13.837.ERROR.Socket unable to read..04:05:14.369.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:05:14.369.ERROR.WebSocket connection error getscreen.me/signal/agent..04:06:59.757.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.966416918153055
                                                        Encrypted:false
                                                        SSDEEP:12:SLnRsQj8P40gd5Fn2ChGR2tvv0itPQj8P40T5T:mRsDAJF2GDtv8itPDAUT
                                                        MD5:86C0C72C05384AD68305A177298CC2E8
                                                        SHA1:7C2FD9EB7D580A432939D2E0477A8946AA2ADDBA
                                                        SHA-256:47D78FCFBD5FB213FB41CF0BD1490F235C8FE13CD75E0C390DB42D949E8447F2
                                                        SHA-512:CAA8479532EC58FC998E102CC260BD8A64EC830789F48E80E8E11FDB5FE49008EA1D218D593BA37899E29D502AA68FB57C9D3F4F29196E97F727D843847A0C7A
                                                        Malicious:false
                                                        Preview:07:27:05.377.INFO.Signaling force websocket stop..07:27:08.676.ERROR.Socket unable to read..07:27:08.727.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:27:08.727.ERROR.WebSocket connection error getscreen.me/signal/agent..07:28:40.414.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:28:47.114.INFO.Socket connected to getscreen.me:443..07:31:05.397.INFO.Signaling force websocket stop..07:31:05.458.ERROR.Socket unable to read..07:31:05.498.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:31:05.508.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5130
                                                        Entropy (8bit):4.991790737583596
                                                        Encrypted:false
                                                        SSDEEP:96:2+jispMjIUjFC5LPyeo5PzrT7JbKHuS70+n+I+:2+jispMjIUjFC5LPyeo5PzrT7JbKH570
                                                        MD5:4DF623CD024BE2593007AE59C23DE3AF
                                                        SHA1:67D9C52D613DB9ED6144A3CDB078D6AC625F4B92
                                                        SHA-256:D7F2E25141E6A103DC0010D58DAF1B8384CDEAAC8A7190CD5E4748AD51859698
                                                        SHA-512:346A4614D54CEB57093C534BAFFC46C17388BD118D9B5B4264FDA9AAF4B1DFBCC829ACED8B6C6E1EFE7191CD96D31E5835A58E2E65A165D906C8E40458E77C1E
                                                        Malicious:false
                                                        Preview:10:46:42.524.INFO.Signaling force websocket stop..10:46:52.778.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:48:01.794.INFO.Socket connected to getscreen.me:443..10:49:06.636.INFO.Signaling force websocket stop..10:49:06.877.ERROR.Socket unable to read..10:49:06.927.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:49:06.927.ERROR.WebSocket connection error getscreen.me/signal/agent..10:50:50.381.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:51:00.189.INFO.Socket connected to getscreen.me:443..10:53:15.773.INFO.Signaling force websocket stop..10:53:15.853.ERROR.Socket unable to read..10:53:16.284.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:53:16.284.ERROR.WebSocket connection error getscreen.me/signal/agent..10:54:11.827.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):5.0012910614665
                                                        Encrypted:false
                                                        SSDEEP:12:IWK/sksBQj8P40cs650XKOEXChI+tvvemKMQj8P40l4U5T:7lnBDAgS0XqG7tvJNDAs4AT
                                                        MD5:B79FD68303B3519D82EB534731FD786B
                                                        SHA1:01163894A28A15930EACA512E7D7D9E5BF920EC5
                                                        SHA-256:3F25F99A61113FBEEC282BCA9AFCECCBCAD5ABFEE606FFD675BC1CC55991AA4C
                                                        SHA-512:A6433F6CDA3B8BAD851EDE73813ECA74029CC0FAD8A7763B00F1D6F99BCBE20885622D14AFFA059DB24BB7393E5087DEA4F641EB559DE10429CDBA1C94FD849D
                                                        Malicious:false
                                                        Preview:14:53:25.115.INFO.Signaling force websocket stop..14:53:28.571.ERROR.Socket unable to read..14:53:28.571.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:53:28.571.ERROR.WebSocket connection error getscreen.me/signal/agent..14:55:53.821.INFO.Signaling force websocket stop..14:56:17.877.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:56:27.258.INFO.Socket connected to getscreen.me:443..14:58:41.161.INFO.Signaling force websocket stop..14:58:41.412.ERROR.Socket unable to read..14:58:41.472.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:58:43.507.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2723
                                                        Entropy (8bit):5.008404288527044
                                                        Encrypted:false
                                                        SSDEEP:48:EGSQDgzB+DmC84eNT8jDnA9RbORDEgi+wKDNdN3:T2z7C8z1TRgiRydZ
                                                        MD5:116A02AF72BFD2D647689071163FD24B
                                                        SHA1:F7196754E88629C275E0FE730D2D4631AF73894A
                                                        SHA-256:4450AAD4763D4FF6774BAD63E84E8A124B5379AB75D6FBC515BBBF7E7E4B6800
                                                        SHA-512:45316EF82F604D28D437AE15228203A9C2B768093179D991683300E1DFC8715C188152210381B63D982C0508AEE8AC380A2275F8C196727161EE6AC7FA676B53
                                                        Malicious:false
                                                        Preview:18:13:12.475.INFO.Signaling force websocket stop..18:15:35.060.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:15:35.503.INFO.Socket connected to getscreen.me:443..18:17:59.065.INFO.Signaling force websocket stop..18:17:59.065.ERROR.Socket unable to read..18:17:59.065.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:17:59.065.ERROR.WebSocket connection error getscreen.me/signal/agent..18:19:47.385.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:19:56.978.INFO.Socket connected to getscreen.me:443..18:22:12.870.INFO.Signaling force websocket stop..18:22:13.291.ERROR.Socket unable to read..18:22:13.832.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:22:13.842.ERROR.WebSocket connection error getscreen.me/signal/agent..18:24:39.164.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.9927129982814105
                                                        Encrypted:false
                                                        SSDEEP:12:9ibQj8P4085bOW5XChBjn2tvvaq6Qj8P4005bu5:9ibDANbOW5XGBjn2tvf6DA9bu5
                                                        MD5:74B7DD1FACDFB72A970BBAABE3398B33
                                                        SHA1:F2A5E3B9E1E120D49FDAD6BBFBD469604ADF1FE5
                                                        SHA-256:6F35751D695BA7250404991EE537A7A0617DC6D868FA90E64787B652DE460D49
                                                        SHA-512:4B372464AACBE29E5F4B0DFA9927B263F68C63D1DE887D53607995A8410B8E2576F6BBCBE29700C0A30108EABDB1F8D0E9042B6C5168A3D4CE1C0015F6D01A55
                                                        Malicious:false
                                                        Preview:21:57:06.511.INFO.Signaling force websocket stop..21:57:22.935.ERROR.Socket unable to read..21:57:22.935.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:57:22.935.ERROR.WebSocket connection error getscreen.me/signal/agent..21:59:37.567.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:59:48.516.INFO.Socket connected to getscreen.me:443..22:02:01.022.INFO.Signaling force websocket stop..22:02:04.107.ERROR.Socket unable to read..22:02:04.128.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:02:04.138.ERROR.WebSocket connection error getscreen.me/signal/agent..22:04:16.243.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.913940178424686
                                                        Encrypted:false
                                                        SSDEEP:12:r2gjChthP2tvvEmgsDQj8P40WM5kQtChm2tvvn:r2GGth+tv8m9DAfok+GBtvv
                                                        MD5:D6B973DFACED10844EE2E76B3017F871
                                                        SHA1:B70F4F160AE174C021B69338FB64EFA6F6CE28B9
                                                        SHA-256:C99BA9FEB43B40B1D05E4A10DAC45142A82A0B3B13768EE48388D0C8EF4FF044
                                                        SHA-512:6B837336F84555E0C375205A7913063435F6ECA08A40617C5D91845A6F8E2B05577173788E48D9358DBF9080A2C28C344F4917FDA7B90E580D2172E644E00692
                                                        Malicious:false
                                                        Preview:01:20:19.016.INFO.Signaling force websocket stop..01:20:20.465.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:20:41.715.INFO.Socket connected to getscreen.me:443..01:22:54.009.INFO.Signaling force websocket stop..01:22:54.320.ERROR.Socket unable to read..01:22:54.320.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:22:54.320.ERROR.WebSocket connection error getscreen.me/signal/agent..01:24:42.909.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:24:48.104.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1285
                                                        Entropy (8bit):4.961314828410674
                                                        Encrypted:false
                                                        SSDEEP:24:fdDAMIGelumtvNsODAyIXGecttvN/2DDAd05:lDdleoKzDDtecPV6DUM
                                                        MD5:17CD269EEF66283D9B684A1A92557406
                                                        SHA1:6F92F589BD5D8DC4D95C31B48DD4A9192F25E2D1
                                                        SHA-256:BCBAD9D67BD3E97B7064E6EC19C45EBEDFFAFA9C84AE94AF9091CFBECC2ACE28
                                                        SHA-512:77F5E212E4C55BF3A55A6A3A047C988823877D455CA249D0F4734BF54BDF95199C61EDEEDEDACD67DCE053EB7D95266A0FCAE67207D6541F5E993D5FF3EFB815
                                                        Malicious:false
                                                        Preview:04:41:07.674.INFO.Signaling force websocket stop..04:41:10.814.ERROR.Socket unable to read..04:41:10.814.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:41:10.814.ERROR.WebSocket connection error getscreen.me/signal/agent..04:42:21.029.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:43:21.245.INFO.Socket connected to getscreen.me:443..04:44:32.753.INFO.Signaling force websocket stop..04:44:33.004.ERROR.Socket unable to read..04:44:33.034.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:33.054.ERROR.WebSocket connection error getscreen.me/signal/agent..04:46:44.039.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:46:51.165.INFO.Socket connected to getscreen.me:443..04:49:08.816.INFO.Signaling force websocket stop..04:49:09.879.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2152
                                                        Entropy (8bit):4.983839258085562
                                                        Encrypted:false
                                                        SSDEEP:48:t6aIDl7DavDXLaNVxDtHV2atcxDgiBEvdZ3:tg7DcLoHVQ0dl
                                                        MD5:DC59C89C0E5B0519F77DEC4868E63ECE
                                                        SHA1:F482B1D917E974CC2541488C421462A801C7613B
                                                        SHA-256:D8E511202F0F82618957DC02B0AF2ECBAC07F51255C34E9ABA7CDDFF97160ED2
                                                        SHA-512:BD80087036B9F4DB90135A3BA9CF80061A741110D68ADC147A47C23532B38F5CA5C95C357DF2F39BA36F586B7AD9CE87617017FE1083D59753326096735396EB
                                                        Malicious:false
                                                        Preview:08:06:25.108.INFO.Signaling force websocket stop..08:06:26.157.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:06:29.946.INFO.Socket connected to getscreen.me:443..08:08:52.998.INFO.Signaling force websocket stop..08:08:53.369.ERROR.Socket unable to read..08:08:53.379.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:08:53.379.ERROR.WebSocket connection error getscreen.me/signal/agent..08:10:08.904.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:10:11.130.INFO.Socket connected to getscreen.me:443..08:12:40.804.INFO.Signaling force websocket stop..08:12:40.875.ERROR.Socket unable to read..08:12:41.186.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:12:41.186.ERROR.WebSocket connection error getscreen.me/signal/agent..08:15:06.504.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):826
                                                        Entropy (8bit):4.986372851042663
                                                        Encrypted:false
                                                        SSDEEP:12:OgmKsMxQj8P40kK5kT5jX2Ch57mtvvH2KxQj8P40s5dgtm5:OgmqDAUa9X2G57mtvOcDAtdgm5
                                                        MD5:BB2551FE822155C257B10CAEA7AD089F
                                                        SHA1:E478F5CB7F0726FC71923B742427B822A4EC52EE
                                                        SHA-256:7D98E9C54548A0B3760894CCE192BECFD6FEBE21679123D25224539C2599D508
                                                        SHA-512:48667E136C41783F9A072E2727DCC962CB5EF18FB138F158E2FED29C45E98E5983F8235831CEBA05FB8A8A0B496E7D5E034D3AE8DD7009D84F795FAF74E89993
                                                        Malicious:false
                                                        Preview:11:40:56.885.INFO.Signaling force websocket stop..11:41:01.244.ERROR.Socket unable to read..11:41:01.274.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:41:01.274.ERROR.WebSocket connection error getscreen.me/signal/agent..11:41:59.206.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:41:59.680.INFO.Socket connected to getscreen.me:443..11:44:23.234.INFO.Signaling force websocket stop..11:44:23.505.ERROR.Socket unable to read..11:44:23.535.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:44:23.535.ERROR.WebSocket connection error getscreen.me/signal/agent..11:46:48.962.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.952572537043436
                                                        Encrypted:false
                                                        SSDEEP:12:H2KmWCh82tvv9iKmKgi4ZilgQj8P40xi550mCh8tvvn:H2aGntv8Km6LKDAvv0mG8tvv
                                                        MD5:44EED0825A1898BD67C41E2D3B4B8C24
                                                        SHA1:70D11C663E3CC4B087BB384BB94928A5E01FB51F
                                                        SHA-256:86B8955857ED82B86A3D70DD67A03578B3B0F8661094469EC502FE23680781C8
                                                        SHA-512:8FCBACC0C081FBFF27B115E94C01982820ABE6503A53EEAA144955E90EA5EF516218FE13784EFA85608349A4310DB0980C6B5D4C77E00DE6A986A4590B0BF5DE
                                                        Malicious:false
                                                        Preview:15:01:47.226.INFO.Signaling force websocket stop..15:02:07.225.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:03:13.744.INFO.Socket connected to getscreen.me:443..15:04:21.405.INFO.Signaling force websocket stop..15:04:21.685.ERROR.Socket unable to read..15:04:21.735.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:04:21.746.ERROR.WebSocket connection error getscreen.me/signal/agent..15:06:06.489.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:06:13.430.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.954763787325388
                                                        Encrypted:false
                                                        SSDEEP:6:E/1i2XIX+WgIJUUBhyMIhyud2M0CCQP5K0Chh2DNBQEQOhs2XIXNLD4EQL1QdzvH:EdVKBylQj8P402W5i2Chc1Qtvvn
                                                        MD5:70E62CC8EA99C5A5DF9C7DC2FCAFEB75
                                                        SHA1:C3D089F3CB93090E229185305D69568ECB6A7FF8
                                                        SHA-256:685FD1EB9801B81CF9A0A015E2777913641DB8D5DE7E3FE8B66C9E1DF1CFD685
                                                        SHA-512:001353EB0C0D6755E19B289F41EA03EBF4D9ACAA9A8FBFFB54D49E95D4B0DC67B493135D0ABEAF25AC5A0DDBF52CE865E065A49A9DB3960DB29ADE266F3C2F37
                                                        Malicious:false
                                                        Preview:18:20:52.765.INFO.Signaling force websocket stop..18:20:55.444.ERROR.Socket unable to read..18:20:55.444.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:20:55.444.ERROR.WebSocket connection error getscreen.me/signal/agent..18:22:21.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:22:27.570.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        SSDEEP:3:GjFr2XINF+WgIO0/Vyn:Gj12XIX+WgIJUn
                                                        MD5:71C91F44600E482B70CB9C0E7109944A
                                                        SHA1:30DBCDB4938B64B7F2D13D71DAFE7B8F6142FAB2
                                                        SHA-256:616AA922B8766091E0F8FD67E2BF62728225D6AE864CFA6ED4CDF98745E81638
                                                        SHA-512:427578EED41DF7DA3A599BF7AE8748EEE61B3002BA03DF40D8CE6CC76207AF531D20335CDA3FCB22F7C6BF043D5214DA3912DE190B89819569C66CE3E6FF027F
                                                        Malicious:false
                                                        Preview:21:37:10.526.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.949076834331967
                                                        Encrypted:false
                                                        SSDEEP:12:N64Qj8P40OO5Yl5iS1ChF2tvv4QVQj8P4055T:NdDAmdyGMtvhVDAGT
                                                        MD5:6BD4039DA30DD2DF79B19D3D359B3B6F
                                                        SHA1:43277761D9AE37467F2DD168B21AF1EEEB073CE8
                                                        SHA-256:95FE44348BEEB7A001D02FBBEDF4FAFFE89A3EE6670254C05E7A986892738256
                                                        SHA-512:910BD29B4E9A9911D39278DFA08C11E7A02D294B00BB72187D660E7AC3A1BF3DE8389C79667DCFF93413DFB32505169C3BCC07514603DBEA8C194A68A94A4FB3
                                                        Malicious:false
                                                        Preview:00:51:40.956.ERROR.Socket unable to read..00:51:43.658.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:51:43.659.ERROR.WebSocket connection error getscreen.me/signal/agent..00:54:09.030.INFO.Signaling force websocket stop..00:55:05.221.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:56:15.534.INFO.Socket connected to getscreen.me:443..00:57:19.115.INFO.Signaling force websocket stop..00:57:19.807.ERROR.Socket unable to read..00:57:19.807.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:57:19.807.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        SSDEEP:3:8CXXINF+WgIO0/Vyn:vXXIX+WgIJUn
                                                        MD5:78E761761853038E603F09E843BBF7E2
                                                        SHA1:1EA0CA51F0F7DF41801E7AD05A0B6A32F66622B2
                                                        SHA-256:A4AF57D71B0CB05082C56F508052D43566C0B1DBB98E365F3F0DD5A7CBD3F3DC
                                                        SHA-512:A525C9886BE076AAF00227FA3085B0192660AB6EDB909E970F581938721FB06790FDD7582882135270A4F246438D0633546FEDF63A631A9C2FAD7B1FF8A27FC7
                                                        Malicious:false
                                                        Preview:04:12:08.963.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        SSDEEP:3:SXc4Tts3qXXINF+WgIO0/Vyn:SHTe2XIX+WgIJUn
                                                        MD5:5AD96E0384362C73AF17E887AC88D911
                                                        SHA1:8F37D26FFF8487B3D678D373F42010387AF675EF
                                                        SHA-256:1505BAEC33F902CAD7B35DAC93327060E31BC82BF6AF9622AC732ECBEB27052D
                                                        SHA-512:3AE165CB5140DACEB1E2A424D270E129EE1268DCC854F4C52731307D1A9497A5AF7312B6A967F64CB16810B449DC9ABE9EF3CD2D1127186B80993DCC816BD766
                                                        Malicious:false
                                                        Preview:07:26:57.610.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1066
                                                        Entropy (8bit):4.952019228469991
                                                        Encrypted:false
                                                        SSDEEP:24:Mo2G02tvHExDAOMA9Ga2tv2pDAJjj32Gptvv:fv0auDEAAaaQDAjj3v73
                                                        MD5:201AE665622B51C44016F2280FDF494A
                                                        SHA1:61BEC652D78EE986B2ED99D898388A6B4B113282
                                                        SHA-256:2B366CF062037B70B878621DF19483C52F3D48FC1A8B87598C7E8D9D87AE1154
                                                        SHA-512:DF3C36BB9C29F3815EDAD91518C1B833ACA8969D2A2A75BC013809C67242E5F6B5149098BCF7E4BDDC88BDEE9E2C49BDEC656C9DF9DB7926CCDC6E552B4B7A01
                                                        Malicious:false
                                                        Preview:10:41:33.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:41:47.836.INFO.Socket connected to getscreen.me:443..10:44:07.528.INFO.Signaling force websocket stop..10:44:08.079.ERROR.Socket unable to read..10:44:08.119.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:44:08.129.ERROR.WebSocket connection error getscreen.me/signal/agent..10:46:09.733.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:46:16.006.INFO.Socket connected to getscreen.me:443..10:48:22.568.INFO.Signaling force websocket stop..10:48:22.849.ERROR.Socket unable to read..10:48:22.869.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:48:24.894.ERROR.WebSocket connection error getscreen.me/signal/agent..10:50:41.986.INFO.Signaling start connection to 'getscreen.me/signal/agent'.
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.972642411846866
                                                        Encrypted:false
                                                        SSDEEP:6:IwhqXXIX+WgIJUUIRMPoEud2M0CCQP5K0CoEDNBQEQ4:IwhmKOQj8P40E5T
                                                        MD5:8E9B43913B955B60146C9AD1444675F7
                                                        SHA1:9924CB2B8BE3123A31148103F2158792C9CAB354
                                                        SHA-256:1A6BFDF1400F9873434F5DE80FDA0D976E862FD209661B16DBA24940C744D6B4
                                                        SHA-512:F9B43F750973E1AC9D4EBC1F2D58815872D6160BDC6C28FBBA872F90F9967B6FD0C5D68B9578034F56DD2EF13C386EE235A07E684ED8DDE696F693D9015ED97F
                                                        Malicious:false
                                                        Preview:14:07:23.689.INFO.Signaling force websocket stop..14:07:26.724.ERROR.Socket unable to read..14:07:26.744.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:07:26.754.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3748
                                                        Entropy (8bit):5.009480348641402
                                                        Encrypted:false
                                                        SSDEEP:48:Ns+WDw+Ap1Dm9vy4sbkDi0o2ODNgGvOTDEqxbd2Dj/ZFJeLnDB8k2orE:OA+nJZ0d5gsLua/PELt8kK
                                                        MD5:66FDE8F3182E16B396FE4F5471B885CD
                                                        SHA1:FBD7B5880090862B097A5A4370A3F19EF321EE5B
                                                        SHA-256:3181B4559339538AC66CE3F822E9CBAF3453C12DD2D1A69B317039C93F7D784F
                                                        SHA-512:D25D775A9B02D14F3170AB25436F5BDC608B7AD0EA2BBC30CA862B9DC1E3A769F6270CC16897BEED2FED31D624055238B202A1C1227F34FFE88D0777CE792F07
                                                        Malicious:false
                                                        Preview:17:22:11.989.INFO.Signaling force websocket stop..17:23:18.178.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:24:20.205.INFO.Socket connected to getscreen.me:443..17:25:29.845.INFO.Signaling force websocket stop..17:25:29.946.ERROR.Socket unable to read..17:25:29.956.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:25:29.956.ERROR.WebSocket connection error getscreen.me/signal/agent..17:27:22.817.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:27:24.398.INFO.Socket connected to getscreen.me:443..17:29:46.230.INFO.Signaling force websocket stop..17:29:46.291.ERROR.Socket unable to read..17:29:47.073.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:29:47.073.ERROR.WebSocket connection error getscreen.me/signal/agent..17:31:11.776.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2983
                                                        Entropy (8bit):5.014888967372749
                                                        Encrypted:false
                                                        SSDEEP:48:GjDxbseGPjc7uDIZbHwdqNfrDgobfBtMDJb49GDDtbHq0DXbvkA3:6AefjlfgorssYlDNbX
                                                        MD5:68A5444F5B6EFE282A1DFC7449FEAB79
                                                        SHA1:4B713F0800DD25D64011B22A43DE0C4E3CB66035
                                                        SHA-256:4D6039AA641665F055D3C6CA911D2F415C4C3F7220FB8EC62329A897A2AFFECC
                                                        SHA-512:9CE3465D1E5DE45FF161F6B100207F1F4A2FBF05FC1A19ACA0CBC882E84EF7DDF9336B79F5B956B13BA158401A4B933ED9E8429F17AD398FE4D39A091FE77069
                                                        Malicious:false
                                                        Preview:21:19:43.049.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:21:33.681.ERROR.WebSocket connection error getscreen.me/signal/agent..21:22:43.148.INFO.Signaling force websocket stop..21:24:34.258.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:24:54.499.INFO.Socket connected to getscreen.me:443..21:26:58.897.INFO.Signaling force websocket stop..21:26:59.378.ERROR.Socket unable to read..21:26:59.388.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:26:59.388.ERROR.WebSocket connection error getscreen.me/signal/agent..21:29:24.597.INFO.Signaling force websocket stop..21:29:57.015.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:30:12.228.INFO.Socket connected to getscreen.me:443..21:32:22.296.INFO.Signaling force websocket stop..21:33:52.969.ERROR.So
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1397
                                                        Entropy (8bit):4.995483306539609
                                                        Encrypted:false
                                                        SSDEEP:24:q2XDALkPA7R2GDztvs5DAwtkL0X6q2GRns2tv8nX8DAf8kv5:q6DekY7Rv1CDhkLNqvRnsa0sDm8kh
                                                        MD5:820DC15CA508B49AFCD9F925E1DDE538
                                                        SHA1:0972C467A3B6B25017227BCFD0BA4DEAB4BD7B2A
                                                        SHA-256:786F62781532EF1F2637206FB032514229F2B11B4D1C13E76CB2BB6E01146D44
                                                        SHA-512:672E3596F626FBE356E2EA0FC3B3B75EFE0B2D5E4926BEA366CCA2DC17841009DC718A8E81392F4DB6644F3497C38ECE4834E746A11EF48FF40C0190C200840B
                                                        Malicious:false
                                                        Preview:01:09:40.186.INFO.Signaling force websocket stop..01:09:44.158.ERROR.Socket unable to read..01:09:44.158.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:09:44.158.ERROR.WebSocket connection error getscreen.me/signal/agent..01:11:56.909.INFO.Signaling force websocket stop..01:12:53.766.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:13:19.577.INFO.Socket connected to getscreen.me:443..01:15:19.061.INFO.Signaling force websocket stop..01:15:19.482.ERROR.Socket unable to read..01:15:19.482.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:15:24.406.ERROR.WebSocket connection error getscreen.me/signal/agent..01:17:44.767.INFO.Signaling force websocket stop..01:17:49.066.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:17:51.306.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1693
                                                        Entropy (8bit):4.962877957787514
                                                        Encrypted:false
                                                        SSDEEP:24:jfgGetvEJNDAZ/82GegttvNVmNDAANkU2GeutvXfDASmGPtvv:L9ycND8EveucDJNxveC3D7fl3
                                                        MD5:175E75E5F0B42B52E42484774395538B
                                                        SHA1:681F25E4EE1179D3268A871981B3B7DF9AC373A7
                                                        SHA-256:AE7910C001B0EDF056C5226B030081765E60563F44723C5F8A690597326B2D64
                                                        SHA-512:E01D48120459D65D296F625D4A266C642594B4FA534A3278023CE131C4FC8B7FC3C74C9E8ADEC2A9C45ED10CA574EACB76692B64605E97EA289692FB93B77619
                                                        Malicious:false
                                                        Preview:04:37:22.089.INFO.Signaling force websocket stop..04:37:28.008.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:38:05.232.INFO.Socket connected to getscreen.me:443..04:39:53.561.INFO.Signaling force websocket stop..04:39:53.882.ERROR.Socket unable to read..04:39:53.932.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:39:53.932.ERROR.WebSocket connection error getscreen.me/signal/agent..04:42:19.388.INFO.Signaling force websocket stop..04:42:30.073.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:42:41.298.INFO.Socket connected to getscreen.me:443..04:44:54.641.INFO.Signaling force websocket stop..04:44:56.244.ERROR.Socket unable to read..04:44:56.244.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:56.244.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2004
                                                        Entropy (8bit):4.999012668336274
                                                        Encrypted:false
                                                        SSDEEP:24:e2gsADAgN1TCG5tvXp2xajA6DADF4GWtvqXAAxDAkihRpbGN2tv1RL9RDAY5e2GN:eXD3FLvpa4nDeb6ChDowAbvDxevx3
                                                        MD5:DAC047D6964D87ADF8EDCEFB09C3BEEC
                                                        SHA1:50B9AAF3029BA86C4BD378CBDC61D300B1B6A04F
                                                        SHA-256:A3154C4619B3E9912B046029CC9260AAC2AD9D743EF59CBB47B607287F7C0D97
                                                        SHA-512:F3E3EC12E9D1E9F89C655F54DB8D61CFE745E8ED77F3C0962572EB712087BBD6C9F3B3C9BF0EB2E77ADB689ACD57A128328084A3648B41A5E864BB30F53CBD4E
                                                        Malicious:false
                                                        Preview:08:07:26.026.INFO.Signaling force websocket stop..08:07:35.247.ERROR.Socket unable to read..08:07:35.277.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:07:35.277.ERROR.WebSocket connection error getscreen.me/signal/agent..08:10:00.523.INFO.Signaling force websocket stop..08:11:11.617.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:11:22.138.INFO.Socket connected to getscreen.me:443..08:13:35.006.INFO.Signaling force websocket stop..08:13:35.247.ERROR.Socket unable to read..08:13:35.257.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:13:37.943.ERROR.WebSocket connection error getscreen.me/signal/agent..08:15:47.329.INFO.Signaling force websocket stop..08:16:43.435.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:16:47.263.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.9390600731633505
                                                        Encrypted:false
                                                        SSDEEP:6:DQHs2XIX+WgIJUUfXIaHMQFBKHud2M0CCQP5K0C/FBKDDNBQEQ4:MHXK/I4cOQj8P40Qcn5T
                                                        MD5:C2235EB5031A38C2060998D6751C0A4D
                                                        SHA1:8019003638812A15A7185F9FE930A90FD280AE30
                                                        SHA-256:768C4833274DD4C158FC0F085D58CDFCBA5E100114DE2FB931F42E27C1B7ECC6
                                                        SHA-512:42B800749AAF618B70D5997412077A8611E85055364A619422E565397BE569763E2DC2960469570F8D6C16BA814C9CC91CA075FA3B6F4870E48C48526A0ED231
                                                        Malicious:false
                                                        Preview:11:43:08.595.INFO.Signaling force websocket stop..11:43:12.125.ERROR.Socket unable to read..11:43:12.155.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:43:12.155.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.721748002067049
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:58:23.883.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.000619434143659
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:12:59.630.INFO.Signaling force websocket stop..18:14:03.745.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:14:10.482.INFO.Socket connected to getscreen.me:443..18:16:27.286.INFO.Signaling force websocket stop..18:16:27.427.ERROR.Socket unable to read..18:16:27.477.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:16:27.477.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:31:07.247.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1234
                                                        Entropy (8bit):4.95982776118992
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:47:24.903.INFO.Signaling force websocket stop..00:47:26.633.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:47:37.740.INFO.Socket connected to getscreen.me:443..00:49:43.914.INFO.Signaling force websocket stop..00:49:43.975.ERROR.Socket unable to read..00:49:43.975.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:49:43.975.ERROR.WebSocket connection error getscreen.me/signal/agent..00:52:09.199.INFO.Signaling force websocket stop..00:53:02.059.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:53:10.785.INFO.Socket connected to getscreen.me:443..00:55:26.019.INFO.Signaling force websocket stop..00:55:27.201.ERROR.Socket unable to read..00:55:27.211.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:55:27.211.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.967451269743974
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:12:45.893.INFO.Signaling force websocket stop..04:12:49.811.ERROR.Socket unable to read..04:12:49.811.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:12:49.811.ERROR.WebSocket connection error getscreen.me/signal/agent..04:15:06.134.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:16:06.606.INFO.Socket connected to getscreen.me:443..04:17:17.780.INFO.Signaling force websocket stop..04:17:17.941.ERROR.Socket unable to read..04:17:17.941.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:17:17.941.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.757462287781333
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:32:54.515.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.73678470809201
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:47:30.699.INFO.Signaling force websocket stop..10:47:34.437.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:47:35.733.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.956112616848749
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:04:23.702.INFO.Signaling force websocket stop..14:04:26.071.ERROR.Socket unable to read..14:04:26.071.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:04:26.071.ERROR.WebSocket connection error getscreen.me/signal/agent..14:06:21.022.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:06:22.803.INFO.Socket connected to getscreen.me:443..14:08:44.390.INFO.Signaling force websocket stop..14:08:45.051.ERROR.Socket unable to read..14:08:45.111.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:08:45.111.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.7778792393187866
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:25:19.603.INFO.Signaling force websocket stop..17:25:20.251.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:25:26.410.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.926119181495251
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:20:40:19.757.INFO.Signaling force websocket stop..20:40:21.582.ERROR.Socket unable to read..20:40:21.582.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:40:21.582.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:23:55:18.929.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.792680955047483
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:03:11:16.279.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:12:16.489.INFO.Signaling force websocket stop..03:12:25.606.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.908259493562929
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:06:28:30.202.INFO.Signaling force websocket stop..06:28:33.182.ERROR.Socket unable to read..06:28:33.182.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:28:33.182.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.786498970102188
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:43:15.465.INFO.Signaling force websocket stop..09:43:58.327.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:44:00.121.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:59:44.879.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):51
                                                        Entropy (8bit):4.274695684811806
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:16:14:16.080.ERROR.Socket unable to read..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):125
                                                        Entropy (8bit):4.641771263207217
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:28:46.068.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):135
                                                        Entropy (8bit):4.841682612181474
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:31:11.498.INFO.Signaling force websocket stop..22:47:52.833.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.960215414195753
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:02:56.388.INFO.Signaling force websocket stop..02:04:01.989.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:04:08.292.INFO.Socket connected to getscreen.me:443..02:06:26.111.INFO.Signaling force websocket stop..02:06:26.153.ERROR.Socket unable to read..02:06:26.153.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:06:26.153.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.799365001135673
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:21:10.811.INFO.Signaling force websocket stop..05:23:27.115.INFO.Signaling force websocket stop..05:23:31.356.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:23:31.607.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2407
                                                        Entropy (8bit):4.994179312851397
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:38:52.223.INFO.Signaling force websocket stop..08:38:55.052.ERROR.Socket unable to read..08:38:55.082.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:38:55.082.ERROR.WebSocket connection error getscreen.me/signal/agent..08:40:30.945.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:40:33.161.INFO.Socket connected to getscreen.me:443..08:42:56.316.INFO.Signaling force websocket stop..08:42:56.587.ERROR.Socket unable to read..08:42:56.607.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:42:56.607.ERROR.WebSocket connection error getscreen.me/signal/agent..08:45:00.211.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:46:02.263.INFO.Socket connected to getscreen.me:443..08:47:13.947.INFO.Signaling force websocket stop..08:47:13.967.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):8587
                                                        Entropy (8bit):5.007220807250466
                                                        Encrypted:false
                                                        SSDEEP:192:dHM/YsOegslne8j8vBQCwPOAPMPYsEUYantaE+c54T:fY
                                                        MD5:7BE96075422EB201CC5E7BC2FF49AC61
                                                        SHA1:7CADB99B1058C8C19861C3FBF15614C750AC891D
                                                        SHA-256:0DEE6462F669DC35A7D285ADCE5753B30CE3EBAA9168187C595BD8C9DC32BB8A
                                                        SHA-512:E0A9B2723BBE2716BC25C3B2161957EB5684C18002343E5A8C5F71BFE560550ED124D8B0E2D628CA55E71F30CECF45E552C556A7913BFC27E3F36E1F3200DA81
                                                        Malicious:false
                                                        Preview:12:16:19.245.INFO.Signaling force websocket stop..12:16:26.609.ERROR.Socket unable to read..12:16:26.630.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:16:26.630.ERROR.WebSocket connection error getscreen.me/signal/agent..12:18:52.243.INFO.Signaling force websocket stop..12:19:06.592.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:19:15.548.INFO.Socket connected to getscreen.me:443..12:21:30.043.INFO.Signaling force websocket stop..12:21:30.204.ERROR.Socket unable to read..12:21:30.244.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:21:32.035.ERROR.WebSocket connection error getscreen.me/signal/agent..12:23:55.484.INFO.Signaling force websocket stop..12:24:31.486.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:25:31.320.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1341
                                                        Entropy (8bit):4.979678240688832
                                                        Encrypted:false
                                                        SSDEEP:24:qgrDAgAEGnn2tvaRdzDAXbUQ3TGm2tvm2gDARkT:VDhKnnauD2bkReFDskT
                                                        MD5:DB1A0DD557584509509018E78CD66158
                                                        SHA1:16D227DBB28983DF4C47DDBAE2E87A905852EBEA
                                                        SHA-256:8C5970DB331D1DB5B0C629D2725AC69CDB8F6FA35A2AB1C5461A68EFC43DEB24
                                                        SHA-512:E2D30A353C3DD961B8C7E631AF35D21FF3434DFD508255CC62348A170D1B0B2E9E316DB2E42674F2F55EAD146DF8341CCEF9D9684A83130689A8F451E9D4A36E
                                                        Malicious:false
                                                        Preview:17:00:02.028.INFO.Signaling force websocket stop..17:01:15.269.ERROR.Socket unable to read..17:01:15.279.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:01:15.279.ERROR.WebSocket connection error getscreen.me/signal/agent..17:03:40.634.INFO.Signaling force websocket stop..17:04:37.107.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:05:08.196.INFO.Socket connected to getscreen.me:443..17:07:00.441.INFO.Signaling force websocket stop..17:07:00.982.ERROR.Socket unable to read..17:07:00.982.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:07:03.240.ERROR.WebSocket connection error getscreen.me/signal/agent..17:09:26.741.INFO.Signaling force websocket stop..17:10:01.333.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:10:16.804.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1122
                                                        Entropy (8bit):4.948207707838491
                                                        Encrypted:false
                                                        SSDEEP:24:8ALHG+htvIdHDAgYbV1cG+ZtvhdQtjDAgWbVMG+pbktvv:vm+DEDpYbVj+rpdGjDpWbVB+VE3
                                                        MD5:639A1A817EEFABEAD9226E89F1592762
                                                        SHA1:88C4B9260235EA604B631FBA4B15ED910704E0E8
                                                        SHA-256:2749E988016A552306DA588543F6B851B8A180D46C81F0B7D6FDB491903C2C02
                                                        SHA-512:32FD40C9FCA352D5367BC455B8BB4FE5CBE570D54084A4911E1F0F47782E3AF99E76E226B7DFB79F06863B41E43CB484997316E9A21E55FD7F9BE1FC8720B198
                                                        Malicious:false
                                                        Preview:20:28:05.842.INFO.Signaling force websocket stop..20:29:58.441.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:30:04.499.INFO.Socket connected to getscreen.me:443..20:32:21.910.INFO.Signaling force websocket stop..20:32:22.472.ERROR.Socket unable to read..20:32:22.472.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:32:22.472.ERROR.WebSocket connection error getscreen.me/signal/agent..20:34:05.033.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:34:13.587.INFO.Socket connected to getscreen.me:443..20:36:28.818.INFO.Signaling force websocket stop..20:36:29.400.ERROR.Socket unable to read..20:36:29.781.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:36:29.781.ERROR.WebSocket connection error getscreen.me/signal/agent..20:38:00.012.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.988721418368761
                                                        Encrypted:false
                                                        SSDEEP:6:ZXXIX+WgIJUGjvEMAjvEud2M0CCQP5K0CrvADNBQEQ4:FYjvCjvRQj8P40Svq5T
                                                        MD5:4A41EEF4358F2C3D35162ADA790485A8
                                                        SHA1:860248DB3AC67E5B07958B1411B3F2857F489439
                                                        SHA-256:E9EFA17CCBE54C5DEE132F9B82E7B1FBDBD8082D8DC2316C6AEC694E6DE75CDD
                                                        SHA-512:17FD6568B98D161AEFB375430694661B56E11D58F4E4F435F38C746C82E778FE123BF0751D042ED6E837E77F3B4EF7BE438EF176491126D4AC07B719C29AF460
                                                        Malicious:false
                                                        Preview:23:54:26.041.INFO.Signaling force websocket stop..23:54:28.964.ERROR.Socket unable to read..23:54:28.964.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:54:28.964.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1489
                                                        Entropy (8bit):4.975228726443475
                                                        Encrypted:false
                                                        SSDEEP:24:OaemPGhtvZhDACICiG4tvLKDAumGMtvwiXJDAE15:OaerDrDLIOYuDjf8IkDpn
                                                        MD5:B5CF6F497C02E2051C1A0DA46218E8F7
                                                        SHA1:235388373B3FD45C66A15F95F668AA08522DB475
                                                        SHA-256:B32E5735D531C5CA0D3E9DFA9B8DBF53C4089788838F90727DB4FC281F403C42
                                                        SHA-512:C24312CEE550A2DF4BD057D85EEA8C71F26216D66859CBD76C622F0A1B044A936C2A38948594F9AAFF2517C6A4E6B6EA4994B34644AC9641D108C7A915A00302
                                                        Malicious:false
                                                        Preview:03:09:27.642.INFO.Signaling force websocket stop..03:09:32.460.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:09:32.470.INFO.Socket connected to getscreen.me:443..03:11:44.989.INFO.Signaling force websocket stop..03:11:44.989.ERROR.Socket unable to read..03:11:44.989.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:11:44.989.ERROR.WebSocket connection error getscreen.me/signal/agent..03:13:57.337.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:14:05.820.INFO.Socket connected to getscreen.me:443..03:16:20.841.INFO.Signaling force websocket stop..03:16:21.212.ERROR.Socket unable to read..03:16:22.144.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:16:22.144.ERROR.WebSocket connection error getscreen.me/signal/agent..03:18:24.530.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.757576742014491
                                                        Encrypted:false
                                                        SSDEEP:6:uG7mXIX+WgIJUYyxQXIXNLD4EQPiFs2dzvRWl8Rvvn:uQmiyxQCheixtvvn
                                                        MD5:F6A46F4DF6617A40E2CE030950C2798B
                                                        SHA1:C44939AD4388D9DAFC9CD6D12E94749E4887D712
                                                        SHA-256:72BAD85AECBCB87F38E360E04AAF1642D6673429684D5CC00D7CBACDF2056BA9
                                                        SHA-512:4F0FEB289AEFECADAF5B374450C208C5ACAB0AC8CE9EC0F065EAB79EE78B1B8C8A6A7F0324610F0DA8567144AD9B0E0264750E2F144980E5F867E46B6B4A4748
                                                        Malicious:false
                                                        Preview:06:38:02.560.INFO.Signaling force websocket stop..06:38:05.303.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:38:11.425.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1688
                                                        Entropy (8bit):4.9721591083166174
                                                        Encrypted:false
                                                        SSDEEP:24:LQU03DADs8jnXG7tvtKmDAl8FQG2tv9K/5ADAuvEGYHXtvyX8jDAkAT:LKDhg2RlnDwoalS5ADZv5oqUDiT
                                                        MD5:B4B4D514D3C779B3A8B241900D2FEF4D
                                                        SHA1:D957F499CF5FB96059D970CDDDF0D0D322FA921D
                                                        SHA-256:FC1B9AA7C74034AB883E9242EE862F9C4B6357CAF0F3F9C87CFDB4EA4B0CDF05
                                                        SHA-512:6BE0F631DF381421B50BF19FB8F32EDCEB9EAA94FAAA55FB230D8EE29717067755F66EEDBFB87FBE64ABCDF258FE93EB756B421062FE9C68C0F29942293B2891
                                                        Malicious:false
                                                        Preview:09:52:56.395.INFO.Signaling force websocket stop..09:53:00.154.ERROR.Socket unable to read..09:53:00.154.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:53:00.154.ERROR.WebSocket connection error getscreen.me/signal/agent..09:54:29.283.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:54:38.474.INFO.Socket connected to getscreen.me:443..09:56:54.010.INFO.Signaling force websocket stop..09:56:54.391.ERROR.Socket unable to read..09:56:54.422.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:56:54.432.ERROR.WebSocket connection error getscreen.me/signal/agent..09:58:31.364.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:59:42.147.INFO.Socket connected to getscreen.me:443..10:00:45.347.INFO.Signaling force websocket stop..10:00:45.578.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.780600595014589
                                                        Encrypted:false
                                                        SSDEEP:6:ljmiXIX+WgIJUU+SXIXNLD4EQXI2dzvRWl8Rvvn:ljTKzChV2tvvn
                                                        MD5:39C9392A5AC94916C78780EE50844063
                                                        SHA1:7FF442BFD77836CC2DD6BA057932E210BC9F4D6E
                                                        SHA-256:12CD48E272A08C90ECCD1F9F6B6C7C34FD6ADA080EB6AC790C17C16B22565088
                                                        SHA-512:DF5DD3E9DBBB439335F55627536F19640B8B53D6DDCEB6F124D4196C207E994E21F1BBD9D109577889021B53028FBE64F1F1C36D551D15FD546ED900BD398006
                                                        Malicious:false
                                                        Preview:13:20:10.523.INFO.Signaling force websocket stop..13:20:54.999.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:20:56.824.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):5.011300749287778
                                                        Encrypted:false
                                                        SSDEEP:12:bKUQj8P40I5RE2Ch0CtvvxxiKSXQj8P4045T:bdDARC2GZtvZxirDA1T
                                                        MD5:05C7C2047797C90A7E5E95F95B6E656A
                                                        SHA1:5DDFA90EB76DBDBC7D72B7984CBF53681D5F3FFD
                                                        SHA-256:713B0F361896A373BC0C125B831B1B1CD07FF5E346CD23E06C5F02AFDC6F5695
                                                        SHA-512:F34F16B54354E54CAAB1C5611A6424ADBF4C446B7424E22746F63E77D4E9D520DCF438E67600B59D3E00552B31FDF0C0B3EE4FB4A4708B5024154607C1B536E8
                                                        Malicious:false
                                                        Preview:16:35:33.787.INFO.Signaling force websocket stop..16:36:35.552.ERROR.Socket unable to read..16:36:35.572.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:36:35.572.ERROR.WebSocket connection error getscreen.me/signal/agent..16:38:32.156.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:38:37.789.INFO.Socket connected to getscreen.me:443..16:40:56.800.INFO.Signaling force websocket stop..16:40:57.292.ERROR.Socket unable to read..16:40:57.322.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:40:57.322.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.967831175093687
                                                        Encrypted:false
                                                        SSDEEP:12:J8kiKtXChhGtvvKGXKk3CxQj8P40aK5bV2XCh+htvvn:J8kiEXGwtvpXZUDAibVaG+htvv
                                                        MD5:00A07EF4046D859901A7DE404396C01B
                                                        SHA1:417C35A635274384694AC7518534CF1DF9372AF4
                                                        SHA-256:F6DC7D4AC3E988956664E5146174BBEA718D40E0BDBE171A22DD6A7333955603
                                                        SHA-512:DB3342589B3647FC0F8F73AA700FFACE79238EB109E35774257BBDB6BDCC396C17AAD5DE78A0E545CAE95038A057C131F8F470C58080A86B7C2ADAF964466514
                                                        Malicious:false
                                                        Preview:19:57:17.545.INFO.Signaling force websocket stop..19:57:19.417.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:57:26.612.INFO.Socket connected to getscreen.me:443..19:59:32.767.INFO.Signaling force websocket stop..19:59:33.169.ERROR.Socket unable to read..19:59:33.199.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:59:33.199.ERROR.WebSocket connection error getscreen.me/signal/agent..20:01:25.897.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:01:31.293.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.963211163981714
                                                        Encrypted:false
                                                        SSDEEP:6:h9X2XIX+WgIJUGDf6HMADfYkqHud2M0CCQP5K0C7fhDNBQEQ4:XmYWf0jOQj8P40+5T
                                                        MD5:80BBE27FE288F322578D22ABEC7F4D63
                                                        SHA1:F7B9FA50B9EF74E91A8F1B66D3284652B286A10D
                                                        SHA-256:934BF4088E04F9637F7471AF140886A442237DE6FDA7E7A64958ACCCA452B5AF
                                                        SHA-512:6F61243618D2CA75FE4CCB75BF242A229F93624F46611ACF2BE773918720367ACB811EEF8F531D981EC1444CDB9D3065B02DA0B92A6C21201DBF92E014E4D850
                                                        Malicious:false
                                                        Preview:23:17:02.807.INFO.Signaling force websocket stop..23:17:05.647.ERROR.Socket unable to read..23:17:05.667.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:17:05.677.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1122
                                                        Entropy (8bit):4.95666128916863
                                                        Encrypted:false
                                                        SSDEEP:24:+QBGoqtvlZpsChDA9ySG2ftvlhGa6DAxhGFg12tvv:woeNZSChDKyz21Nka6DcsFAa3
                                                        MD5:B9173EFEB48868A6D95BE88A9290827F
                                                        SHA1:594D3BEEECFE9B60F012CA7B61B211B2D15CAE1D
                                                        SHA-256:988F38C2DD856A58AF24436E1D92C7BA9EC101D321BC4FA64B5AF017583067F1
                                                        SHA-512:BCEB36307C62261295CABBA88995A230C0D8551D940B2038BE37804B5EB0B65C7BA18CA4A844A2F7DEA825A5945381E537746A81B213C5862AB55DA18B8AAE63
                                                        Malicious:false
                                                        Preview:02:32:44.765.INFO.Signaling force websocket stop..02:32:53.695.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:32:58.538.INFO.Socket connected to getscreen.me:443..02:35:08.058.INFO.Signaling force websocket stop..02:35:08.470.ERROR.Socket unable to read..02:35:08.470.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:35:08.470.ERROR.WebSocket connection error getscreen.me/signal/agent..02:37:18.429.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:37:22.474.INFO.Socket connected to getscreen.me:443..02:39:42.238.INFO.Signaling force websocket stop..02:39:42.539.ERROR.Socket unable to read..02:39:42.820.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:39:42.820.ERROR.WebSocket connection error getscreen.me/signal/agent..02:41:39.620.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1285
                                                        Entropy (8bit):4.984136807931775
                                                        Encrypted:false
                                                        SSDEEP:24:Rk/MDAnrMG1tv/tDAARtrpWiGeztvDXVaJajDAAVaAT:mkDCrBnNDTPWDUhD9T
                                                        MD5:160A1FE8957E9E951F17FCFCD2359813
                                                        SHA1:E03211F710191BE282207FFD6749A68DE859C920
                                                        SHA-256:5239A04B1F5D1DD738E740F66063B68A4CEF6A0D79582CDF3D6030EA87336DE3
                                                        SHA-512:3BDB0FF03B73FDE73567D9325D8BC55625919560EE39D8A83E83D0B11213345CFA9BFFBF18D20A068F1E5B4502BDB38DC410BBF8AEED4E3CA8192909E0887385
                                                        Malicious:false
                                                        Preview:05:56:46.711.INFO.Signaling force websocket stop..05:56:50.951.ERROR.Socket unable to read..05:56:50.971.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:56:50.971.ERROR.WebSocket connection error getscreen.me/signal/agent..05:58:07.175.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:58:07.849.INFO.Socket connected to getscreen.me:443..06:00:32.693.INFO.Signaling force websocket stop..06:00:32.813.ERROR.Socket unable to read..06:00:32.813.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:00:32.813.ERROR.WebSocket connection error getscreen.me/signal/agent..06:02:45.790.INFO.Signaling force websocket stop..06:02:53.652.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:02:54.327.INFO.Socket connected to getscreen.me:443..06:05:18.485.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4044
                                                        Entropy (8bit):4.987241861815125
                                                        Encrypted:false
                                                        SSDEEP:48:t1ayDr9vI41Dj+Rg0D7aeQ73DwbNRNDrvemz98DozBPbBdBRD1BC4QiDHuQ3:tlJ9F+RHRpbNvvJBC45uW
                                                        MD5:EEF3EAD789D6C6D09C43C635CC4B0CFA
                                                        SHA1:00D26D1604522839F4C24BFC911B10688399BB7A
                                                        SHA-256:36AC9687A3602A39B5B26D3506B2C69C46508D82E9626949B9B6E52649EFCE6B
                                                        SHA-512:0113B7E9F27A219792AF008C1B96561D85E9355C19C6428C86812E3CC844A1A8D1127310BC9003229A848E4482FE1527A421F254705D63BB65E22FE7232E2537
                                                        Malicious:false
                                                        Preview:09:21:09.460.INFO.Signaling force websocket stop..09:21:43.304.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:22:21.366.INFO.Socket connected to getscreen.me:443..09:24:08.645.INFO.Signaling force websocket stop..09:24:09.016.ERROR.Socket unable to read..09:24:09.036.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:24:09.036.ERROR.WebSocket connection error getscreen.me/signal/agent..09:26:34.254.INFO.Signaling force websocket stop..09:26:55.816.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:28:12.779.INFO.Socket connected to getscreen.me:443..09:29:09.972.INFO.Signaling force websocket stop..09:29:11.234.ERROR.Socket unable to read..09:29:11.244.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:29:11.244.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.9823938701043
                                                        Encrypted:false
                                                        SSDEEP:12:VmKgINIBQj8P401I65sXCh3qFQtvvPGvKBr6rxQj8P40yrK5T:Vm5DAUsXG6FQtvXGvwuFDAFuT
                                                        MD5:5CA2A3F6CB16F49965ED39254C345434
                                                        SHA1:D61E1FE13B7C2678AAF53DDB0BF2C2103AA35687
                                                        SHA-256:B54154CA1D6B40A94BEE331185C744F4D69DDA6A9B1A9B28DA4237DD4ADE8065
                                                        SHA-512:32862C3D044BDAF26F3EF8AEF65A57566D279601AD09A520ACC44012377051814E9F2CC467F8DF7137FE13A7348ABD59D8CEF88F7F5F75ACE95A23F98FEE40FC
                                                        Malicious:false
                                                        Preview:13:17:10.489.INFO.Signaling force websocket stop..13:18:18.434.ERROR.Socket unable to read..13:18:18.434.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:18:18.434.ERROR.WebSocket connection error getscreen.me/signal/agent..13:19:30.953.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:19:31.422.INFO.Socket connected to getscreen.me:443..13:21:55.227.INFO.Signaling force websocket stop..13:21:55.538.ERROR.Socket unable to read..13:21:55.538.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:21:55.538.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.956053821153277
                                                        Encrypted:false
                                                        SSDEEP:12:ZQm2KDCh0eimtvvzXKy6Qj8P40db5ZmChRtvvn:Z2yG5tvjADA6ZmGRtvv
                                                        MD5:1A2309BCEBC3DF450E8962D7366C684A
                                                        SHA1:AD4F56F9780192290D3BE631FDC54698834045DA
                                                        SHA-256:9E7FB44D155D6622E82BEB105D622BEF99BD71BEAEC63D885CA1E871253157F6
                                                        SHA-512:649A5779F81C5723C6D8AB98550928A6D38AE1476C77BFE2CECBCB63D5B88ADDAE487A11976223D63897EE94E7DC977B0D675F5B48DD064D7AC63EE69869228D
                                                        Malicious:false
                                                        Preview:16:36:43.751.INFO.Signaling force websocket stop..16:37:16.633.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:38:23.122.INFO.Socket connected to getscreen.me:443..16:39:30.537.INFO.Signaling force websocket stop..16:39:30.617.ERROR.Socket unable to read..16:39:30.618.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:39:30.618.ERROR.WebSocket connection error getscreen.me/signal/agent..16:41:40.602.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:41:41.980.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.98460112561964
                                                        Encrypted:false
                                                        SSDEEP:6:wiXIX+WgIJUUbEMsEud2M0CCQP5K0C7ADNBQEQ4:wiKMQj8P40x5T
                                                        MD5:6D14233DFE9D07E28051AA13F4EE91AD
                                                        SHA1:7672617865A141955BE994A11375821274EE31EB
                                                        SHA-256:6E957B83DC78BCBA338C87DCB347A1D929B2C8E6E674E8B98B23D23F7199FCAD
                                                        SHA-512:E1305FD31C7F2C475CB7375099B48AAB0C25A10AC25EDBB969A32F4BABC49AC7D0306F63081DB6EF3A31CB05B684959E79B4C9FAAEA8C86D5999C2AF9188B447
                                                        Malicious:false
                                                        Preview:19:56:35.981.INFO.Signaling force websocket stop..19:56:38.148.ERROR.Socket unable to read..19:56:38.148.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:56:38.148.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.751188830308707
                                                        Encrypted:false
                                                        SSDEEP:6:6iXIX+WgIJUGW2XIXNLD4EQWKjmdzvRWl8Rvvn:6iYW2ChxXtvvn
                                                        MD5:5BB9A1BB496619EEB2134CC543D0B900
                                                        SHA1:6097C7545DAE261C2DFF31C962EDE54EC08ABE90
                                                        SHA-256:572453B6B92E927F151281F8EE4BD8E8FF89D02DC2423ACB478E3CB63DD67AC0
                                                        SHA-512:9267E1B03186233C863E8EE89EE9D4E59C774CA0E0DDA2B2A301510953BB7BDB73C356FED9D0F28C3B9EE03DD6872683C7DD5B1291F569D39F4B1838FEC16662
                                                        Malicious:false
                                                        Preview:23:11:42.921.INFO.Signaling force websocket stop..23:12:08.396.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:12:08.620.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.970023932506556
                                                        Encrypted:false
                                                        SSDEEP:12:NOrjmBQj8P40x+65pOKChavtvv9E5ys6Qj8P40xNX5T:guBDATS7GwtvlEZ6DA4T
                                                        MD5:6521908CE001744BD532AB33615E162B
                                                        SHA1:7E060BA3E48DE4EAB1A15666ADBE8E2110091A42
                                                        SHA-256:866D8466A81501ED875258F5F7475624254CC29FE88342C82EC09485F975F0D7
                                                        SHA-512:1A6A28243F64EFB6E22C60A4C031EA91C610BB0DC4C1E1CEBD7EFE768798F87AAD849BA4BE8088DA62C0F850427C93423ABA9E5D23106364F3CD1BB47C7C3C70
                                                        Malicious:false
                                                        Preview:02:28:15.310.INFO.Signaling force websocket stop..02:28:17.448.ERROR.Socket unable to read..02:28:17.478.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:28:17.478.ERROR.WebSocket connection error getscreen.me/signal/agent..02:30:17.482.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:30:26.857.INFO.Socket connected to getscreen.me:443..02:32:40.821.INFO.Signaling force websocket stop..02:32:40.941.ERROR.Socket unable to read..02:32:40.971.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:32:40.992.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.757462287781333
                                                        Encrypted:false
                                                        SSDEEP:3:07+eJ9aXXINF+WgIO0/Vyn:07TJ92XIX+WgIJUn
                                                        MD5:6487E3DFF714CB33BF97091A4CDB63AE
                                                        SHA1:3DAFC769FC09014C9DBCA3E51F8D200CFFAAF709
                                                        SHA-256:6F623BAB8FB604FC08FFD25AE59890685A8BDE91AAAD3DEF4D8BAE681F3ED7CE
                                                        SHA-512:536E79F5F4B374A47D82A538524E7B8801C28B44F4DF63623FDDE6BEAFEC2FF6E111CE7ADD6CC904666AE91403F5D146BAC1808F19EF3B48F295F284C8676E98
                                                        Malicious:false
                                                        Preview:05:48:35.152.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.7601849232676265
                                                        Encrypted:false
                                                        SSDEEP:6:4+Qs2XIX+WgIJU2mzXiXIXNLD4EQ+KH5idzvRWl8Rvvn:1F2oYiChWZitvvn
                                                        MD5:3A8EB89514184BE25469A1EEF7C8A9A7
                                                        SHA1:0A1B950C51DF3C68323342C853A6ADBBE3E49FFF
                                                        SHA-256:3DDD6F426517A2FB305D3052AD1C665C972D31BFB38B5FBFD14252BD141C9899
                                                        SHA-512:D48D1BFFF2BCB53B3C4D9835A3C3880E22811CD17A8D5FACF0A56C7915312F97C8C221F7574132EAA89CA8E1CD81AE86405ED6E120EB7FF0AF5785E6EE5345E0
                                                        Malicious:false
                                                        Preview:09:03:49.306.INFO.Signaling force websocket stop..09:03:52.478.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:05:01.450.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.980784112733167
                                                        Encrypted:false
                                                        SSDEEP:6:ODTL7r2XIX+WgIJUUsedLmAMjedLm5kqHud2M0CCQP5K0CMedLm5kqDDNBQEQ4:S2KsCL8CLs6Qj8P408Lsb5T
                                                        MD5:AC0733DD77F8BCF017F7AEF5B6B7685B
                                                        SHA1:507CB7BB0EDAF8918566E221F6F5EDE7E348EA24
                                                        SHA-256:1751039F3AD95C515C96BBDCC5B81C1A3A6CB92404A54F1528691E91BE439768
                                                        SHA-512:C9575DA59962CBC3EF9B3ADC82D4D8BE0BF8F9AE26DC3B4603E1819332B25324F5FBC4FC3C2D8FBDEAA2152243FE5D4EAAFA2B66D2E676E3976827E1E4D93A43
                                                        Malicious:false
                                                        Preview:12:19:46.026.INFO.Signaling force websocket stop..12:19:48.704.ERROR.Socket unable to read..12:19:48.705.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:19:48.705.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.742363981976451
                                                        Encrypted:false
                                                        SSDEEP:6:Wzjqs2XIX+WgIJUUlJWFQXIXNLD4EQRLOrXdzvRWl8Rvvn:IjmKrW6ChA2Xtvvn
                                                        MD5:164FE50011EC97DAE36003456A1AD5B5
                                                        SHA1:B643D7AF2098B17BCC5432C96671E17900C4DDEA
                                                        SHA-256:A7F9861D8B94BB6061B7884410135AD10D889604E8450E24F895AF5804B53123
                                                        SHA-512:F522AA988F7001242AE93813987390858E8D9D03D8C52F4343A0E91D7A9B5B275003A429FE4228271D1B6ACD58451EA5821A5C4BD26FF4FC08E50CD93400D962
                                                        Malicious:false
                                                        Preview:15:34:46.125.INFO.Signaling force websocket stop..15:35:18.320.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:35:28.123.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        SSDEEP:3:EfQV538ss2XINF+WgIO0/Vyn:EY5MQXIX+WgIJUn
                                                        MD5:CC95A9E4D0BA023A4A79C9086519F706
                                                        SHA1:3B80401D49C562FEF407DC0CE728C5849E67DDC8
                                                        SHA-256:47C06499226881FB2487178B70BDDB6D96161681F522CF56684D12BFAA4A8BED
                                                        SHA-512:CDE3702B651817D783E93DE29695D81FCA8A4A4476A0B64675EAFAE65FD910A4C6F6C85B58C498B4985225792D73C15AFE78B090060EFED7A8A1E876358EF613
                                                        Malicious:false
                                                        Preview:18:50:42.603.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.983002620565619
                                                        Encrypted:false
                                                        SSDEEP:6:sKMtyud2M0CCQP5K0C+r2DNBQEQaXtcLlyXIX+WgIJUn:QQj8P40s5be85
                                                        MD5:8ACB88F02B5C77620A3C137B345DF285
                                                        SHA1:736D3FF57F9DD8D9A5854CF93CC5047922D93D0E
                                                        SHA-256:66D1DF5DCD7E6A7DA8A049BA1E9023610F80F30A21D81AFCABDDF31394AA0BBE
                                                        SHA-512:0774ABF189AF48C9248C8212B796F3C14761711EF4AA46C33CE6379C79689CA5F6483A4C0B150470BB4696F9CA46AD7B1E4432A31A027E5764962745007E71ED
                                                        Malicious:false
                                                        Preview:22:05:12.537.ERROR.Socket unable to read..22:05:14.644.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:05:14.644.ERROR.WebSocket connection error getscreen.me/signal/agent..22:07:39.918.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.93670866480364
                                                        Encrypted:false
                                                        SSDEEP:6:g+JjmXIX+WgIJU+/8QXIXNLD4EQbd2dzvRWl8Rvvd7mXIX+WgIJU+/ELPMofXELP:Gg1Chc2tvvAgynQj8P40Wtb5T
                                                        MD5:92B0EBFD67CE412404D4F118F80077AF
                                                        SHA1:0D94E1ABD637D7659937C5FA64CBCF6DF9832885
                                                        SHA-256:8D23B97EA69F594A511000C18F752F21FD92A832515DB8147C0977A616AF536D
                                                        SHA-512:E03862307B27EBC9E3395B98366FAF85645CCEE2CF68517286EEC20502368B3771A2388E19B58A538564EF7655DC08F6332BF78FBCF5F314A2B5DE8B6184D97B
                                                        Malicious:false
                                                        Preview:01:22:09.822.INFO.Signaling force websocket stop..01:22:10.059.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:22:21.194.INFO.Socket connected to getscreen.me:443..01:25:32.980.INFO.Signaling force websocket stop..01:25:33.201.ERROR.Socket unable to read..01:25:33.221.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:25:33.231.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.6637995646056805
                                                        Encrypted:false
                                                        SSDEEP:3:f/e/Tss3X2XINF+WgIO0/Vyn:e/ZX2XIX+WgIJUn
                                                        MD5:BF6FCF89DFE2F3200C0C4518BFCEF549
                                                        SHA1:2D62A69A7CFBF62359C5A42B6BAB24584FDA4F51
                                                        SHA-256:F600AF0C3AE2A05AFE8BAFD99A97FE76F213015AD8D7138977F573B695F05F66
                                                        SHA-512:9E9483EB73B813B1E38CDB1B2A436D374572B63EC4F6D6581E713D4EE93B9C3EABF92ED89D9049458186EB3B741D6FDB54474777F6F3C2AB4E0C877C59C6B448
                                                        Malicious:false
                                                        Preview:04:40:25.006.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):83
                                                        Entropy (8bit):4.557352426038272
                                                        Encrypted:false
                                                        SSDEEP:3:SQm2XINFDhL1JDEELD8Kru5:SQm2XIXNLD4EQh
                                                        MD5:A6744B6BBAC904C4B7362C1A67C4909E
                                                        SHA1:4A14AAEEBEA5046F07A3E79948F19064CD00FA7E
                                                        SHA-256:1968FF4D79C06C9A1E825997613939F80AEF0BD104D8AADE3FCA1F3689942664
                                                        SHA-512:35239674BD0B15ABFC3A6666620996FD7DAA4537EDA7F87848B76D7ECE7B2DDFA30C710F2C07D63BFCBF3AFE3C18002FBAFC0E46F32BF0D497C67D06B31B69E4
                                                        Malicious:false
                                                        Preview:07:56:55.317.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):665
                                                        Entropy (8bit):4.924845714427353
                                                        Encrypted:false
                                                        SSDEEP:12:52K7IOyvvd51OQCh0Ttvvur2KujQj8P406FU5T:oROyvL1rG0TtvjDjDAFAT
                                                        MD5:5C02E3C95FC388839B0381C3DBB589AF
                                                        SHA1:CE640AE7CB59056F62132B11C38A5C7126C4CB0C
                                                        SHA-256:49232DDB6E0BC8F2133A63F2D8631EE07B9204D3221F7037750AF5D3A8F082A9
                                                        SHA-512:2803C5928A468AA7753862D67C526E797D8A737626895531C12C6BC3D05E06251538B043FA90C7108F5A425E85B2271FD601563ADE30ACE86C06DE3F18BC6771
                                                        Malicious:false
                                                        Preview:11:11:27.704.INFO.Signaling force websocket stop..11:11:30.503.ERROR.Socket failed connect to getscreen.me:443..11:11:30.707.ERROR.WebSocket connection error getscreen.me/signal/agent..11:13:34.099.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:13:38.815.INFO.Socket connected to getscreen.me:443..11:15:57.494.INFO.Signaling force websocket stop..11:15:57.564.ERROR.Socket unable to read..11:15:57.584.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:15:57.584.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.967014203925619
                                                        Encrypted:false
                                                        SSDEEP:12:I7XK/ChWN2tvv1WKIOQj8P40Cn5p1ChWjXtvv1gzQ5:GXWG/tvY+DAzzGIXtvyQ5
                                                        MD5:F293FAD670DF15D09AFD8DB5FDE47CEA
                                                        SHA1:7191A6C56885B2C6F4B3F299D4B8D26837B47C43
                                                        SHA-256:D527D55650D14E6CC58D26F7BE81C120D7C0746AA2D96BAFBC7E003EB1070CFA
                                                        SHA-512:2794C31E137F64276434E1426A4FC4ECF272CF4FAAA32AAAC35BC908C8C6C77F25542FECE50AE29A28C462B30886DDA16ECA4A3C5854F977E4C1363FEFB66B48
                                                        Malicious:false
                                                        Preview:14:30:29.388.INFO.Signaling force websocket stop..14:31:41.611.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:32:42.974.INFO.Socket connected to getscreen.me:443..14:33:55.698.INFO.Signaling force websocket stop..14:33:55.909.ERROR.Socket unable to read..14:33:55.919.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:33:55.919.ERROR.WebSocket connection error getscreen.me/signal/agent..14:35:11.118.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:35:20.967.INFO.Socket connected to getscreen.me:443..14:37:35.033.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.908227438289161
                                                        Encrypted:false
                                                        SSDEEP:6:XMuWhT6Uud2M0CCQP5K0CRWhT6QDNBQEQ4:KeBQj8P40Yse65T
                                                        MD5:029F6F1BCB87C4B8ADD3FDA168543E84
                                                        SHA1:55E939FC13F2C2057D3E6756485AE865E7F5057A
                                                        SHA-256:F87C1366E6A06AEDCC98A83C605B9F7A4BDDF7825B0ABA2B46A6113DB801DB48
                                                        SHA-512:F9E8D4918EE1D3B5BA541C9A80D6080DE888F0422219E35138A03E941CA0B56E2694EE9ED9F262CCE7456BF121AFA08BC8B5E2DE5B88FF99306B72C232953179
                                                        Malicious:false
                                                        Preview:17:53:25.840.ERROR.Socket unable to read..17:53:28.652.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:53:28.652.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1122
                                                        Entropy (8bit):4.961423141465114
                                                        Encrypted:false
                                                        SSDEEP:24:KRwGltv/2pg6DAXbo2G+ytvh4DA0bun2GZQtvv:6XnQDubov1GDBbKvZA3
                                                        MD5:F32DB4BB4A48652F16F4F27981C0565B
                                                        SHA1:F17AFF43E74D87377EC87A10DB11A2BBBBC38BB2
                                                        SHA-256:A7239F74579F9FE1B5C302F6FCCDF33D062CAC805BD78DE122437355208B17D8
                                                        SHA-512:57355F781CF1852628F787FFF2B08B7FF4D6A4C2816CAFFEA6E2AEAB057E2D317A5B9244076ECDC5E83D19434029E6B9A5AF35F0637E6E5B849F4C44155E4D27
                                                        Malicious:false
                                                        Preview:21:08:53.481.INFO.Signaling force websocket stop..21:08:55.324.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:09:00.437.INFO.Socket connected to getscreen.me:443..21:11:21.136.INFO.Signaling force websocket stop..21:11:21.728.ERROR.Socket unable to read..21:11:21.728.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:11:21.738.ERROR.WebSocket connection error getscreen.me/signal/agent..21:12:22.436.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:13:24.948.INFO.Socket connected to getscreen.me:443..21:14:34.129.INFO.Signaling force websocket stop..21:14:34.360.ERROR.Socket unable to read..21:14:34.600.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:14:34.620.ERROR.WebSocket connection error getscreen.me/signal/agent..21:16:08.856.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.936740191102904
                                                        Encrypted:false
                                                        SSDEEP:6:u/XIX+WgIJUAQLhMCQLnkud2M0CCQP5K0CCoQLuDNBQEQ4:I6QLdQLnxQj8P408QLM5T
                                                        MD5:6AE4D28954FAABFCBB99F78074AA6545
                                                        SHA1:BD0F280FC2E113DD31EE960429A007878F76216B
                                                        SHA-256:775A5BC3BBF255D04B557D19ECE6D9C0BDA6708FEC314B0611298F5C84ED79F6
                                                        SHA-512:21851F606D5D337B54CFC55764FF2BF644BF435DD5FB7D6695C94B3752479D32C5B8A30327B2843DF8BBA75BAC598D498E08086B872F69A751664C03E9A62810
                                                        Malicious:false
                                                        Preview:00:32:55.852.INFO.Signaling force websocket stop..00:32:58.926.ERROR.Socket unable to read..00:32:58.956.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:32:58.976.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.757462287781333
                                                        Encrypted:false
                                                        SSDEEP:3:OmXlsXXINF+WgIO0/Vyn:OmXaXIX+WgIJUn
                                                        MD5:35C778DC0D79A4A8AFDB47FA560B8024
                                                        SHA1:8BBEBC7FBA36952884E92A50AB82E2FE40795063
                                                        SHA-256:EC180392088A185CFA473AD0D153FCEF901C8E2AB75AA402461E66958E59CA9D
                                                        SHA-512:934EF3E57860C7BB78A6A33FD0BCFFEC5A39B93836EB84E9F3DA967D9F6F65290ADA3266F1C4DD708CF64AE395DC92E4A26F5C90A341486B046689D479A37B05
                                                        Malicious:false
                                                        Preview:03:47:35.123.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.686033716352762
                                                        Encrypted:false
                                                        SSDEEP:3:SVRLWX84qXXINF+WgIO0/Vyn:S7v4mXIX+WgIJUn
                                                        MD5:5680DD634F403031F7FFEC3D16E5C84E
                                                        SHA1:80BB537A2673B963EBB299A8BDBAE541B2777A68
                                                        SHA-256:5AC8F0B1DA63C051901471D412966134558702EE6889F96357CFFE62D5A88562
                                                        SHA-512:E710B0095B316E832C9418AE6BDCCD52DCF9D308B3508D1814066F1757420B6A4D259BB7F1A4446C34548EADE9979241AE366A25F09CBFF77E9041B8DD18374E
                                                        Malicious:false
                                                        Preview:07:03:09.322.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.749083636471104
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:18:15.053.INFO.Signaling force websocket stop..10:18:15.210.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:19:29.843.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1433
                                                        Entropy (8bit):4.97793765069806
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:13:34:40.161.INFO.Signaling force websocket stop..13:34:42.621.ERROR.Socket unable to read..13:34:42.621.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:34:42.621.ERROR.WebSocket connection error getscreen.me/signal/agent..13:36:34.340.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:36:36.178.INFO.Socket connected to getscreen.me:443..13:38:59.092.INFO.Signaling force websocket stop..13:38:59.393.ERROR.Socket unable to read..13:38:59.413.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:38:59.433.ERROR.WebSocket connection error getscreen.me/signal/agent..13:40:49.834.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:41:52.526.INFO.Socket connected to getscreen.me:443..13:43:03.961.INFO.Signaling force websocket stop..13:43:08.449.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):7297
                                                        Entropy (8bit):5.015114627523719
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:02:20.771.INFO.Signaling force websocket stop..17:02:30.449.ERROR.Socket unable to read..17:02:30.479.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:02:30.479.ERROR.WebSocket connection error getscreen.me/signal/agent..17:04:51.320.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:05:49.124.INFO.Socket connected to getscreen.me:443..17:07:25.810.INFO.Signaling force websocket stop..17:07:25.850.ERROR.Socket unable to read..17:07:25.870.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:07:25.870.ERROR.WebSocket connection error getscreen.me/signal/agent..17:09:51.145.INFO.Signaling force websocket stop..17:11:00.719.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:11:37.143.INFO.Socket connected to getscreen.me:443..17:13:25.528.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1637
                                                        Entropy (8bit):4.985235200478945
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:34:50.506.INFO.Signaling force websocket stop..21:35:26.750.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:36:53.441.INFO.Socket connected to getscreen.me:443..21:37:40.950.INFO.Signaling force websocket stop..21:37:41.291.ERROR.Socket unable to read..21:37:41.321.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:37:41.341.ERROR.WebSocket connection error getscreen.me/signal/agent..21:39:50.513.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:40:10.682.INFO.Socket connected to getscreen.me:443..21:42:14.452.INFO.Signaling force websocket stop..21:42:14.522.ERROR.Socket unable to read..21:42:15.023.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:42:15.023.ERROR.WebSocket connection error getscreen.me/signal/agent..21:44:32.088.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.9211815398448016
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:04:35.395.INFO.Signaling force websocket stop..01:04:39.366.ERROR.Socket unable to read..01:04:39.366.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:04:39.366.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.757781859563346
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:19:16.696.INFO.Signaling force websocket stop..04:20:26.665.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:20:32.534.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.91403873540823
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:35:41.349.INFO.Signaling force websocket stop..07:35:53.110.ERROR.Socket unable to read..07:35:53.110.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:35:53.110.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:51:28.685.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1433
                                                        Entropy (8bit):4.980047977726684
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:06:04.977.INFO.Signaling force websocket stop..14:06:10.659.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:07:10.691.INFO.Socket connected to getscreen.me:443..14:08:22.359.INFO.Signaling force websocket stop..14:08:22.490.ERROR.Socket unable to read..14:08:22.490.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:08:22.490.ERROR.WebSocket connection error getscreen.me/signal/agent..14:09:42.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:09:42.799.INFO.Socket connected to getscreen.me:443..14:12:49.734.INFO.Signaling force websocket stop..14:12:49.845.ERROR.Socket unable to read..14:12:50.196.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:12:50.196.ERROR.WebSocket connection error getscreen.me/signal/agent..14:14:42.568.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):6359
                                                        Entropy (8bit):5.01074771998307
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:33:19.487.INFO.Signaling force websocket stop..17:33:20.955.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:33:21.206.INFO.Socket connected to getscreen.me:443..17:35:34.047.INFO.Signaling force websocket stop..17:35:34.078.ERROR.Socket unable to read..17:35:34.078.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:35:34.079.ERROR.WebSocket connection error getscreen.me/signal/agent..17:36:05.632.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:36:06.306.INFO.Socket connected to getscreen.me:443..17:38:28.838.INFO.Signaling force websocket stop..17:38:29.079.ERROR.Socket unable to read..17:38:29.370.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:38:29.370.ERROR.WebSocket connection error getscreen.me/signal/agent..17:40:24.175.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:47:48.516.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):148
                                                        Entropy (8bit):4.665387128200598
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:02:48.587.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:03:19.491.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.982301429732711
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:18:37.248.INFO.Signaling force websocket stop..04:18:40.255.ERROR.Socket unable to read..04:18:40.275.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:18:40.285.ERROR.WebSocket connection error getscreen.me/signal/agent..04:20:45.549.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:21:52.708.INFO.Socket connected to getscreen.me:443..04:22:59.630.INFO.Signaling force websocket stop..04:22:59.861.ERROR.Socket unable to read..04:22:59.861.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:22:59.861.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.003862697430228
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:39:30.249.INFO.Signaling force websocket stop..07:39:53.317.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:39:56.906.INFO.Socket connected to getscreen.me:443..07:42:18.469.INFO.Signaling force websocket stop..07:42:19.261.ERROR.Socket unable to read..07:42:19.281.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:42:19.291.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2208
                                                        Entropy (8bit):4.965021773539593
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:57:06.788.INFO.Signaling force websocket stop..10:57:33.058.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:58:24.149.INFO.Socket connected to getscreen.me:443..11:00:18.738.INFO.Signaling force websocket stop..11:00:22.966.ERROR.Socket unable to read..11:00:22.966.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:00:22.966.ERROR.WebSocket connection error getscreen.me/signal/agent..11:02:48.112.INFO.Signaling force websocket stop..11:03:44.677.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:03:53.400.INFO.Socket connected to getscreen.me:443..11:06:10.342.INFO.Signaling force websocket stop..11:06:10.913.ERROR.Socket unable to read..11:06:10.933.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:06:10.933.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:34:16.828.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1688
                                                        Entropy (8bit):4.997728881132984
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:17:48:46.504.ERROR.Socket unable to read..17:48:49.042.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:48:49.052.ERROR.WebSocket connection error getscreen.me/signal/agent..17:51:02.461.INFO.Signaling force websocket stop..17:51:37.973.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:51:45.811.INFO.Socket connected to getscreen.me:443..17:54:02.409.INFO.Signaling force websocket stop..17:54:02.409.ERROR.Socket unable to read..17:54:02.449.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:54:02.449.ERROR.WebSocket connection error getscreen.me/signal/agent..17:55:51.989.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:56:01.614.INFO.Socket connected to getscreen.me:443..17:58:16.415.INFO.Signaling force websocket stop..17:58:16.465.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.99953421043904
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:17:48.389.INFO.Signaling force websocket stop..21:17:51.753.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:17:59.138.INFO.Socket connected to getscreen.me:443..21:20:17.803.INFO.Signaling force websocket stop..21:22:29.518.ERROR.Socket unable to read..21:22:29.518.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:22:29.518.ERROR.WebSocket connection error getscreen.me/signal/agent..21:24:28.273.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:24:31.846.INFO.Socket connected to getscreen.me:443..21:26:53.460.INFO.Signaling force websocket stop..21:26:54.162.ERROR.Socket unable to read..21:26:54.613.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:26:54.613.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.757462287781333
                                                        Encrypted:false
                                                        SSDEEP:3:BYUsKWXXINF+WgIO0/Vyn:BQnXXIX+WgIJUn
                                                        MD5:7287D6BB2FC3753FC7D377DD50D9FEDA
                                                        SHA1:73CBDEE6C689E0B0158634236952F652A65E11C7
                                                        SHA-256:CA91F1A72527A759C4674384E4262A91F4602C0FC49CF34DE0C9CFE018F3465A
                                                        SHA-512:95313B7593DF44D1E531EF5767A54C563897AD0C91D4691D918467909130C418EC50D511DD14106B67CC8B6421C5FC0F235FB446E0D2AA5DDCBFB87FEFD7DC07
                                                        Malicious:false
                                                        Preview:00:41:57.083.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.989193326775162
                                                        Encrypted:false
                                                        SSDEEP:6:Or8sr2XIX+WgIJU8c2XIXNLD4EQeAs2dzvRWl8RvvPmXIX+WgIJU87TBkMqfzTBp:OrR2x2Chr4tvvPmmBy/BxQj8P400BK5T
                                                        MD5:E30F04B7527BBC33C38B6DCAEA07CD9D
                                                        SHA1:79752FCC51F9B0CA9E616623054F79F3BDECF6CF
                                                        SHA-256:377B68A66D86136E8941B4812F019A3004E94D233653C2FF1CAE330650016CB5
                                                        SHA-512:03FC42BF8717997CC01535D49975FAC142DBC15C3E0F627B48F5460837672745C75791EFCDFA17A591BFF26B04869866BC4CE28959AE9CF26C50D41690D0B4AE
                                                        Malicious:false
                                                        Preview:03:56:39.254.INFO.Signaling force websocket stop..03:56:40.916.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:57:43.197.INFO.Socket connected to getscreen.me:443..03:58:54.760.INFO.Signaling force websocket stop..03:58:54.831.ERROR.Socket unable to read..03:58:54.831.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:58:54.831.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        SSDEEP:3:SUYAL45jmXINF+WgIO0/Vyn:SUYr9mXIX+WgIJUn
                                                        MD5:6548687B7508C8B4455A49166F507D70
                                                        SHA1:7CEB2FD8BB7F088D35A2EC6D8AFFD927F406F8D8
                                                        SHA-256:E8CFC5BBC68F950C88CE382918D240D95A078584899723C4C85A938F77AB9F89
                                                        SHA-512:FC0E9ACC73BE86F7EFFBD6E5F93111AB0D204B0D6328FB6E5A9179D11801F3C6231B6F6480014F268545A0478D65E74C27354D8F0C9921879B2A10FDB89B9F5E
                                                        Malicious:false
                                                        Preview:07:13:25.629.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        SSDEEP:3:Mf9ETXINF+WgIO0/Vyn:MeXIX+WgIJUn
                                                        MD5:B700B44675736D02B1F1FFAE5683EB63
                                                        SHA1:200C2BB878570399662CB792C67FCA3077101728
                                                        SHA-256:4F87594112DF356C45DB3E30349F8C48D62FC138465253F77DE72DC5980D5AA4
                                                        SHA-512:1E42831970378A25BB2593E33457E343A26775990B10D738656C07A46984A86A173115E1E7FFB2ED798FF1993B5F92E92CF6AC4D2C1AA2409CA4EF3324BE3934
                                                        Malicious:false
                                                        Preview:10:28:31.073.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):571
                                                        Entropy (8bit):4.964751284630512
                                                        Encrypted:false
                                                        SSDEEP:6:bXIX+WgIJUUzWkXXIXNLD4EQK6IXdzvRWl8RvvPNfp2XIX+WgIJUUCfCMXfTEud+:bK6IChYIXtvvPT2KwQj8P40s5XfD5
                                                        MD5:4C855990B64C5194C81D9CBDEF59DE72
                                                        SHA1:FB52FEC6FA52F558C03146325A9446B1D8ECA385
                                                        SHA-256:A4D31703A6F10E34313244F6EF613721DF837BF7FFAFA0B61718AEAE1A847EA2
                                                        SHA-512:5EE39BE3F95A6B6CE022F4533CB7FF37882BBE8C5515FDDC2E1121AFB3F7AA93E4FCCA2307795311FA3FCDBC42FA684A4E2950DEF74FC8A063A71DDD1DC3B56D
                                                        Malicious:false
                                                        Preview:13:43:34.201.INFO.Signaling force websocket stop..13:43:35.300.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:43:39.339.INFO.Socket connected to getscreen.me:443..13:46:01.199.INFO.Signaling force websocket stop..13:46:01.560.ERROR.Socket unable to read..13:46:01.580.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:46:01.580.ERROR.WebSocket connection error getscreen.me/signal/agent..13:48:14.963.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.999698063711715
                                                        Encrypted:false
                                                        SSDEEP:12:HNKLs2ChKXtvvLBgKaKFQj8P40Z5ECha2tvvL5ZXK8acQj8P40c/5T:taXGKXtvSCDAqEG9tvz7DARhT
                                                        MD5:7AAF77181AD21E6FC98243A4FB7A8C4D
                                                        SHA1:B21B29E89FED4E2A0FFFE5BA0A7B28CADA448F50
                                                        SHA-256:826C5D352F4DD298A651621FA2E231AABF422D80BD1E3941D4D11C157DA85C96
                                                        SHA-512:5CEE74A0EA1D001868A10A5FA367107201C0C9D77216022CBAC9EE81978E0FB1185A3E675067D1D501465BD402F398EB5F16A9E5C2AB4DFF9A4E15B0CD1CDB4A
                                                        Malicious:false
                                                        Preview:17:03:55.103.INFO.Signaling force websocket stop..17:03:57.384.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:04:09.239.INFO.Socket connected to getscreen.me:443..17:06:23.308.INFO.Signaling force websocket stop..17:06:23.519.ERROR.Socket unable to read..17:06:23.569.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:06:23.569.ERROR.WebSocket connection error getscreen.me/signal/agent..17:08:23.137.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:08:33.394.INFO.Socket connected to getscreen.me:443..17:10:46.691.INFO.Signaling force websocket stop..17:10:46.991.ERROR.Socket unable to read..17:10:47.622.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:10:47.622.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.9802053052141595
                                                        Encrypted:false
                                                        SSDEEP:12:JaQCh+zytvvLzQj8P40Z/T5bVDLKiCh+DgtvvF274Qj8P40ZOB65T:JXG+mtvDzDAg9bVSiG+stvw74DAgOAT
                                                        MD5:1EE3720A266912C4A870495AFEC33743
                                                        SHA1:AFEE8E59EB8F3E2BF8166846821A91B079B6B3C6
                                                        SHA-256:14B8CD7FF9635CB9745E3FFF71C2C927F80B3A1B867E3B71DD6EB7BCAEF10272
                                                        SHA-512:EE5156FFD96D32F41BCAB5F3A0D5D12F1E08199EF263901125475FC5E142240B371E30B80528FB0111A1B53D714B66393B28BC59B21B4BD4E6E2CEA84D2D1A3B
                                                        Malicious:false
                                                        Preview:20:26:09.411.INFO.Signaling force websocket stop..20:26:36.251.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:27:41.868.INFO.Socket connected to getscreen.me:443..20:28:49.969.INFO.Signaling force websocket stop..20:28:50.220.ERROR.Socket unable to read..20:28:50.240.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:28:50.240.ERROR.WebSocket connection error getscreen.me/signal/agent..20:29:16.713.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:29:17.173.INFO.Socket connected to getscreen.me:443..20:31:29.753.INFO.Signaling force websocket stop..20:31:29.783.ERROR.Socket unable to read..20:31:29.904.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:31:29.905.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4243
                                                        Entropy (8bit):4.977873611322556
                                                        Encrypted:false
                                                        SSDEEP:48:FvXPM12LDLIb9vh25DQbDtBUDzSqaDmUrEUDml0+u17IDCXZxwDDuKvoNalDojZq:BUBVNVwSSUIl0vZVwoNVj8KAT
                                                        MD5:4A73AA47DB49C061D1361A493F643D92
                                                        SHA1:78C1ACE6EFE747DB6C8D1ECCA95410AE0F83FF9D
                                                        SHA-256:19FCA5E5D90553B98A3244BD3D405446CE1A0E00640B3159216A83E17288A09E
                                                        SHA-512:F209BFFA1962A979995F447C533287146705B0299B76EECD27AFA6B20653F6E26F045C15B0F6436B70FACC3BFF54B47D473CA67C076AD5523CB45A2EBD8C792F
                                                        Malicious:false
                                                        Preview:23:47:19.098.INFO.Signaling force websocket stop..23:47:19.336.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:47:27.223.INFO.Socket connected to getscreen.me:443..23:49:46.183.INFO.Signaling force websocket stop..23:49:46.524.ERROR.Socket unable to read..23:49:46.525.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:49:46.525.ERROR.WebSocket connection error getscreen.me/signal/agent..23:50:54.386.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:51:55.993.INFO.Socket connected to getscreen.me:443..23:53:06.081.INFO.Signaling force websocket stop..23:53:38.084.ERROR.Socket unable to read..23:53:38.495.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:53:38.495.ERROR.WebSocket connection error getscreen.me/signal/agent..23:55:42.649.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.949326055451044
                                                        Encrypted:false
                                                        SSDEEP:6:OqEHmXIX+WgIJU8qZQXIXNLD4EQ4edzvRWl8Rvv++02XIX+WgIJU8HbMqf/bud2d:OdGXOCh4tvvFP8N/6Qj8P40ab5T
                                                        MD5:03FFAA35E6720E2E5CE5090C326024F5
                                                        SHA1:3AAA9EAB42E23D4FFEDD6DD8F7E6C6AA58CDB6CE
                                                        SHA-256:52DF205E8A75FA55D40F51D82B57B467E2AA11AA48A57697F8F8D4EBEAB18A86
                                                        SHA-512:36BA9DFE00FA183592F17B5FCFC6FECB59E7F831CC02C84F51988B93FE5AFB688C00574EA43DB72DBA6675EC61481B85A29B22A579C5D26FC1DFA4C35C5A4A88
                                                        Malicious:false
                                                        Preview:03:43:07.668.INFO.Signaling force websocket stop..03:43:26.729.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:43:38.370.INFO.Socket connected to getscreen.me:443..03:45:50.837.INFO.Signaling force websocket stop..03:45:52.430.ERROR.Socket unable to read..03:45:52.430.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:45:52.430.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.931582479126591
                                                        Encrypted:false
                                                        SSDEEP:12:SwEmIDChhttvvRIsV7Qj8P40L5k+ChWtvvn:tIDGHtvpIsV7DAkfGWtvv
                                                        MD5:1503295E5FCAD3A4AC31FCC28B4A02EC
                                                        SHA1:DE0D7DF51F70BCA28C0D3E953AC6E17478353F6A
                                                        SHA-256:ACF75B38F6D3A43E123EE011003DA1D27882931A827EE4D7E4F24EE7BAD900FC
                                                        SHA-512:B908C0A2595B81F7BD8B173F32CAAD14308422C6662084383ADFB66C844E699DB58CCEA29960602364538B28F0910754710C5F08A5D1807F8E872B5E4B9D7A97
                                                        Malicious:false
                                                        Preview:07:00:49.281.INFO.Signaling force websocket stop..07:01:10.997.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:02:18.899.INFO.Socket connected to getscreen.me:443..07:04:36.162.INFO.Signaling force websocket stop..07:04:41.210.ERROR.Socket unable to read..07:04:41.210.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:04:41.210.ERROR.WebSocket connection error getscreen.me/signal/agent..07:07:01.659.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:07:03.653.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.957451021446331
                                                        Encrypted:false
                                                        SSDEEP:6:M6XFXIX+WgIJUU1ibMuibud2M0CCQP5K0CVifDNBQEQtws2XIXNLD4EQ0YsXdzvH:MwKcQj8P40L5ywXChNYQtvvn
                                                        MD5:18B2C38E8379E814C46D034B65325098
                                                        SHA1:062FF46ED289C3C3E8716E55233565A59A106E44
                                                        SHA-256:BF3C86F354507133DB13928F5F79CE69B5C729C574AAF5FC0E860EC1B1E862ED
                                                        SHA-512:CA88F77F8C24B2C42ED89FCAAA3DB4746A8206AED6B4EBE4E608B2416790C543445624C15C98C0DDB46D5445D1C7535DF3A8FDCA50CC56AA2184A045EDF1D81F
                                                        Malicious:false
                                                        Preview:10:22:29.351.INFO.Signaling force websocket stop..10:22:31.970.ERROR.Socket unable to read..10:22:31.970.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:22:31.970.ERROR.WebSocket connection error getscreen.me/signal/agent..10:24:12.667.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:24:17.148.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.721748002067049
                                                        Encrypted:false
                                                        SSDEEP:3:Pj83S4riXINF+WgIO0/Vyn:b8i42XIX+WgIJUn
                                                        MD5:5A143E9149E87B7CFD55D43EEEDAEEA7
                                                        SHA1:C886B4531D1720D2E7A819892069002E280F337D
                                                        SHA-256:31DAEE3C8459CC194CB40D5C2576B031500F8BD35BC5E4E19604467BB7BB0E7E
                                                        SHA-512:537157DD511E3BBFC72A8C5ECA010C6EAC685684BD8258EF2EEB7AE7A8450C13720FB64939D6AC04ADE03C65D4301AB3B5BD6768C3CFAD11511A673100C888B9
                                                        Malicious:false
                                                        Preview:13:39:16.273.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.968406649141539
                                                        Encrypted:false
                                                        SSDEEP:6:KmMm4yUud2M0CCQP5K0CN4B3QDNBQEQiHs2XIX+WgIJUUsX02XIXNLD4EQpALd25:h4yBQj8P40EQ65V3Ke/Chstvvn
                                                        MD5:F114BE9DB48E05CCC8BF211A36D869B7
                                                        SHA1:4841DD5A5B9270E367EB19D1086AC74B96425A60
                                                        SHA-256:E6F41F0216FC3DD410BBAEF732E826A077742D6EEAEA83045FC6CD66DBFC0221
                                                        SHA-512:5878CFCDF05B9596E5A4F2AB42B934523B8C702913D635C5A850B746D5507611AC6ADEFF1445AACF0F8013329C073A008D7E463E6E905EF08F9374E4D4371D1B
                                                        Malicious:false
                                                        Preview:16:55:23.522.ERROR.Socket unable to read..16:55:26.064.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:55:26.074.ERROR.WebSocket connection error getscreen.me/signal/agent..16:57:51.525.INFO.Signaling force websocket stop..16:58:11.452.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:58:14.572.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):367
                                                        Entropy (8bit):4.981405657812345
                                                        Encrypted:false
                                                        SSDEEP:6:OMLTUj2XIX+WgIJULyMc4ud2M0CCQP5K0C84hDNBQEQaVkcKXIX+WgIJUn:JTUj2+9Qj8P40Z4R5bVkcK5
                                                        MD5:81A9D9C95DE9FA13181753766E320DF2
                                                        SHA1:D1C3C99A13D0ECB317C4975A43D7C54FDF85F602
                                                        SHA-256:BF30A5AA1F04A3F905595BDD93D701C86369DB95B94F5C96905C3C06C18C7A25
                                                        SHA-512:C68736DB236C6268EC86456D4634927FDE719A2349E581E9C984B32C2A8425E25B390F66F738748C1F28D828D7BACA07F2E2E9BF7C5F478B0020C5E734017BC8
                                                        Malicious:false
                                                        Preview:20:13:48.618.INFO.Signaling force websocket stop..20:13:51.666.ERROR.Socket unable to read..20:13:51.706.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:13:51.707.ERROR.WebSocket connection error getscreen.me/signal/agent..20:16:04.300.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.952448216764354
                                                        Encrypted:false
                                                        SSDEEP:12:tXYX4mChrAtvvCECn2YpypBQj8P40u65bhYT2Chdytvvn:dqGstvbG2VDAMbhI2Gdytvv
                                                        MD5:D8419A6E34566084CAA247CCF5896416
                                                        SHA1:6594D2E77F9DBCEA77DD569FF187786627654800
                                                        SHA-256:931B7A88AF15AB563555EEBEDEB5751ABD2372B7DBD802CA1C627B09F9CA2F8D
                                                        SHA-512:E98869C782F79816B5F5F7A861384B68A6262C96429E85B28C6AB4844AD57195ECA6CFD9C89F1EE06F006869DE5841292BE60503C9C17CFE1325AC179C6456B5
                                                        Malicious:false
                                                        Preview:23:30:59.229.INFO.Signaling force websocket stop..23:31:14.480.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:31:19.312.INFO.Socket connected to getscreen.me:443..23:33:41.476.INFO.Signaling force websocket stop..23:33:41.737.ERROR.Socket unable to read..23:33:41.737.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:33:41.737.ERROR.WebSocket connection error getscreen.me/signal/agent..23:36:07.095.INFO.Signaling force websocket stop..23:36:19.717.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:36:21.738.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.948938899752545
                                                        Encrypted:false
                                                        SSDEEP:6:ynWnXXIX+WgIJU/NTUMdNdud2M0CCQP5K0CAhNH2DNBQEQYX0XIXNLD4EQLaJ2dz:yn+XrGQj8P40xg5p0Chau2tvvn
                                                        MD5:2D01449BE05DA01FEB8A0D7D8A4ADCF7
                                                        SHA1:6DDC2CE3FE31585DBA72D30ED5D1B16C582D1468
                                                        SHA-256:578914672D686EFDC680B2624D9779BA1A7B3DAA878127E321010BADB7BCB76D
                                                        SHA-512:9C381105EC51EA884E0FA1D24994C5630DEDFD26BA27CF11EE8DA17125B4912F4DF49A8A79FD823EF617B1B8288FF1910640404D077AF7A598C5FD7C7CE80BF3
                                                        Malicious:false
                                                        Preview:02:51:25.419.INFO.Signaling force websocket stop..02:51:28.888.ERROR.Socket unable to read..02:51:28.908.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:51:28.929.ERROR.WebSocket connection error getscreen.me/signal/agent..02:52:55.722.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:54:02.914.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.721748002067049
                                                        Encrypted:false
                                                        SSDEEP:3:ZcZXXINF+WgIO0/Vyn:4XXIX+WgIJUn
                                                        MD5:22BD3EB38DEAD14E2DB013EEB4BA1C08
                                                        SHA1:47CFF5E4873161D48530331F4F8400C790FA6331
                                                        SHA-256:2C2C69F63E4FDD21B0848A1016FDCA9DA4CFA5544021F9569A05C62CC020AE9C
                                                        SHA-512:67CD1E3BC61682C9901755A91C834C725F21E5EC07B44A0FEF3624E727BCE76BC1D73221D7593C51EADD4BBB3532E87E24CCB067093DE10FD4A39DCF32630248
                                                        Malicious:false
                                                        Preview:06:09:04.591.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.841291781349375
                                                        Encrypted:false
                                                        SSDEEP:3:4xnqkKZA122fGq73k+//KKX76VyITHiC1uPLRyOML0HiLeq73gAUOg1MGXAELD84:4kkMgf0ud2M0CCQP5K0CMDNBQEQ4
                                                        MD5:710DAFBF3C7459BEFC9B478565992046
                                                        SHA1:19FA4A0729775CED46786AC5BB380984A8830062
                                                        SHA-256:6DEC24662666C39F893EA0A86EA604FCF5A1A189F0DE42281E45D95C70D40A15
                                                        SHA-512:21868871A7A1D503DA74B95027B67F42AE1CBD2D340F1F49B89D792A9BD86C0DDC9914DBED00E5904F8C812E717D0FF9696E3E31FBEC6E1239EACF023B4DDB38
                                                        Malicious:false
                                                        Preview:09:23:34.711.ERROR.Socket unable to read..09:23:36.040.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:23:36.040.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.735228136034253
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:39:31.052.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.974618220316525
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:54:39.003.INFO.Signaling force websocket stop..15:54:39.531.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:54:46.509.INFO.Socket connected to getscreen.me:443..15:57:07.019.INFO.Signaling force websocket stop..15:57:07.220.ERROR.Socket unable to read..15:57:07.260.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:57:07.260.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.005573518393916
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:12:39.682.INFO.Signaling force websocket stop..19:13:35.608.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:14:35.650.INFO.Socket connected to getscreen.me:443..19:15:49.651.INFO.Signaling force websocket stop..19:15:49.673.ERROR.Socket unable to read..19:15:49.673.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:15:49.673.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.734963124112103
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:30:40.769.INFO.Signaling force websocket stop..22:30:41.600.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:30:44.733.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:45:44.493.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):403
                                                        Entropy (8bit):4.887998118075902
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:00:13.832.ERROR.Socket unable to read..05:00:14.939.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:00:14.950.ERROR.WebSocket connection error getscreen.me/signal/agent..05:01:46.605.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:01:46.835.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.936957797305249
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:18:20.855.INFO.Signaling force websocket stop..08:18:23.343.ERROR.Socket unable to read..08:18:23.373.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:18:23.373.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.672553582385557
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:33:42.319.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.993602842021303
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:48:37.786.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:48:52.723.INFO.Socket connected to getscreen.me:443..14:51:29.453.INFO.Signaling force websocket stop..14:51:29.784.ERROR.Socket unable to read..14:51:29.804.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:51:29.804.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:06:35.057.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1122
                                                        Entropy (8bit):4.96057725684119
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:21:10.123.INFO.Signaling force websocket stop..21:21:53.174.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:22:00.762.INFO.Socket connected to getscreen.me:443..21:24:16.956.INFO.Signaling force websocket stop..21:24:17.147.ERROR.Socket unable to read..21:24:17.147.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:24:17.157.ERROR.WebSocket connection error getscreen.me/signal/agent..21:25:42.271.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:25:43.419.INFO.Socket connected to getscreen.me:443..21:27:54.498.INFO.Signaling force websocket stop..21:27:54.528.ERROR.Socket unable to read..21:27:54.709.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:27:54.709.ERROR.WebSocket connection error getscreen.me/signal/agent..21:29:14.990.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.9203266172320514
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:00:43:56.548.INFO.Signaling force websocket stop..00:43:58.854.ERROR.Socket unable to read..00:43:58.854.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:43:58.854.ERROR.WebSocket connection error getscreen.me/signal/agent..00:45:48.517.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:45:55.873.INFO.Socket connected to getscreen.me:443..00:48:00.950.INFO.Signaling force websocket stop..00:48:01.151.ERROR.Socket unable to read..00:48:01.151.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:48:01.151.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.752770614605932
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:03:09.729.INFO.Signaling force websocket stop..04:04:17.272.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:04:26.415.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.983247707237755
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:19:42.723.INFO.Signaling force websocket stop..07:19:44.675.ERROR.Socket unable to read..07:19:44.695.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:19:44.705.ERROR.WebSocket connection error getscreen.me/signal/agent..07:21:50.077.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:21:55.525.INFO.Socket connected to getscreen.me:443..07:24:59.032.INFO.Signaling force websocket stop..07:24:59.253.ERROR.Socket unable to read..07:24:59.263.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:24:59.263.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):654
                                                        Entropy (8bit):4.970142162188801
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:10:40:43.598.INFO.Signaling force websocket stop..10:41:33.216.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:41:38.196.INFO.Socket connected to getscreen.me:443..10:43:58.125.INFO.Signaling force websocket stop..10:44:02.102.ERROR.Socket unable to read..10:44:02.102.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:44:02.103.ERROR.WebSocket connection error getscreen.me/signal/agent..10:46:27.566.INFO.Signaling force websocket stop..10:46:29.189.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4736
                                                        Entropy (8bit):4.999850532065629
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:14:00:56.638.INFO.Signaling force websocket stop..14:01:00.038.INFO.Socket connected to getscreen.me:443..14:02:11.849.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:02:11.849.ERROR.WebSocket connection error getscreen.me/signal/agent..14:04:36.929.INFO.Signaling force websocket stop..14:04:50.121.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:05:12.812.INFO.Socket connected to getscreen.me:443..14:07:14.726.INFO.Signaling force websocket stop..14:07:15.018.ERROR.Socket unable to read..14:07:15.018.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:07:15.710.ERROR.WebSocket connection error getscreen.me/signal/agent..14:08:36.147.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:08:48.278.INFO.Socket connected to getscreen.me:443..14:10:56.573
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1290
                                                        Entropy (8bit):4.981531665714858
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:01:40.952.INFO.Signaling force websocket stop..18:01:53.898.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:03:52.143.INFO.Socket connected to getscreen.me:443..18:05:27.281.INFO.Signaling force websocket stop..18:05:27.351.ERROR.Socket unable to read..18:05:27.391.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:05:27.391.ERROR.WebSocket connection error getscreen.me/signal/agent..18:07:52.626.INFO.Signaling force websocket stop..18:08:58.228.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:09:22.871.INFO.Socket connected to getscreen.me:443..18:11:22.002.INFO.Signaling force websocket stop..18:11:22.714.ERROR.Socket unable to read..18:11:22.714.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:11:22.714.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2662
                                                        Entropy (8bit):4.993244428217248
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:21:31:06.594.ERROR.Socket unable to read..21:32:13.752.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:32:13.752.ERROR.WebSocket connection error getscreen.me/signal/agent..21:34:39.046.INFO.Signaling force websocket stop..21:34:52.025.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:34:54.754.INFO.Socket connected to getscreen.me:443..21:37:16.701.INFO.Signaling force websocket stop..21:37:17.023.ERROR.Socket unable to read..21:37:17.023.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:37:17.023.ERROR.WebSocket connection error getscreen.me/signal/agent..21:39:29.528.INFO.Signaling force websocket stop..21:39:34.708.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:39:34.974.INFO.Socket connected to getscreen.me:443..21:41:59.749.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.899804510540119
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:01:08:14.212.INFO.Signaling force websocket stop..01:08:38.159.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:08:40.639.INFO.Socket connected to getscreen.me:443..01:11:01.419.INFO.Signaling force websocket stop..01:11:01.710.ERROR.Socket unable to read..01:11:01.720.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:11:01.720.ERROR.WebSocket connection error getscreen.me/signal/agent..01:12:07.782.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:12:10.464.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.943836849500062
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:04:26:39.696.INFO.Signaling force websocket stop..04:26:42.026.ERROR.Socket unable to read..04:26:42.026.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:26:42.026.ERROR.WebSocket connection error getscreen.me/signal/agent..04:28:07.306.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:28:11.106.INFO.Socket connected to getscreen.me:443..04:30:31.014.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.781127514514547
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:07:48:00.658.ERROR.Socket unable to read..07:51:00.170.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:51:00.170.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):6762
                                                        Entropy (8bit):4.989929798426827
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:06:35.227.INFO.Signaling force websocket stop..11:06:50.671.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:06:58.744.INFO.Socket connected to getscreen.me:443..11:09:16.277.INFO.Signaling force websocket stop..11:09:16.518.ERROR.Socket unable to read..11:09:16.558.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:09:16.558.ERROR.WebSocket connection error getscreen.me/signal/agent..11:10:43.640.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:10:48.579.INFO.Socket connected to getscreen.me:443..11:13:08.230.INFO.Signaling force websocket stop..11:13:08.501.ERROR.Socket unable to read..11:13:09.623.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:13:09.633.ERROR.WebSocket connection error getscreen.me/signal/agent..11:15:30.020.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):5.0120278325454235
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:28:53.039.INFO.Signaling force websocket stop..15:29:06.584.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:29:15.793.INFO.Socket connected to getscreen.me:443..15:31:29.766.INFO.Signaling force websocket stop..15:31:30.248.ERROR.Socket unable to read..15:31:30.268.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:31:30.268.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2096
                                                        Entropy (8bit):5.01334057790628
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:18:46:41.966.INFO.Signaling force websocket stop..18:47:26.606.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:47:35.066.INFO.Socket connected to getscreen.me:443..18:49:51.881.INFO.Signaling force websocket stop..18:49:54.166.ERROR.Socket unable to read..18:49:54.166.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:49:54.176.ERROR.WebSocket connection error getscreen.me/signal/agent..18:52:07.353.INFO.Signaling force websocket stop..18:53:12.164.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:53:17.743.INFO.Socket connected to getscreen.me:443..18:55:36.532.INFO.Signaling force websocket stop..18:55:37.194.ERROR.Socket unable to read..18:55:37.204.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:55:37.204.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):7129
                                                        Entropy (8bit):4.995706696605935
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:19:25.865.INFO.Signaling force websocket stop..22:19:27.601.ERROR.Socket unable to read..22:19:27.601.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:19:27.601.ERROR.WebSocket connection error getscreen.me/signal/agent..22:21:41.584.INFO.Signaling force websocket stop..22:21:44.337.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:21:48.121.INFO.Socket connected to getscreen.me:443..22:24:09.454.INFO.Signaling force websocket stop..22:24:09.926.ERROR.Socket unable to read..22:24:09.976.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:24:13.353.ERROR.WebSocket connection error getscreen.me/signal/agent..22:26:15.712.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:26:25.143.INFO.Socket connected to getscreen.me:443..22:28:40.705.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.709570080329918
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:43:24.074.INFO.Signaling force websocket stop..02:43:24.061.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:43:29.232.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.9680684365439545
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:59:40.308.INFO.Signaling force websocket stop..05:59:42.617.ERROR.Socket unable to read..05:59:42.617.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:59:42.618.ERROR.WebSocket connection error getscreen.me/signal/agent..06:01:53.473.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:01:54.131.INFO.Socket connected to getscreen.me:443..06:04:06.482.INFO.Signaling force websocket stop..06:04:06.553.ERROR.Socket unable to read..06:04:06.593.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:04:06.593.ERROR.WebSocket connection error getscreen.me/signal/agent..06:06:32.033.INFO.Signaling force websocket stop..06:07:02.071.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:07:07.642.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.933548946112183
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:09:23:44.838.INFO.Signaling force websocket stop..09:23:49.087.ERROR.Socket unable to read..09:23:49.087.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:23:49.087.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.717587100052466
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:12:39:33.243.INFO.Signaling force websocket stop..12:39:43.752.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:39:53.371.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):974
                                                        Entropy (8bit):4.998860692347924
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:55:34.233.INFO.Signaling force websocket stop..15:55:36.857.ERROR.Socket unable to read..15:55:36.857.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:55:36.857.ERROR.WebSocket connection error getscreen.me/signal/agent..15:57:49.246.INFO.Signaling force websocket stop..15:59:27.753.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:59:36.079.INFO.Socket connected to getscreen.me:443..16:01:53.188.INFO.Signaling force websocket stop..16:01:53.459.ERROR.Socket unable to read..16:01:53.459.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:01:53.998.ERROR.WebSocket connection error getscreen.me/signal/agent..16:03:09.335.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:03:14.542.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1229
                                                        Entropy (8bit):5.007724255996176
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:19:19:27.174.INFO.Signaling force websocket stop..19:19:29.485.ERROR.Socket unable to read..19:19:29.485.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:19:29.485.ERROR.WebSocket connection error getscreen.me/signal/agent..19:21:21.479.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:21:21.493.INFO.Socket connected to getscreen.me:443..19:23:46.915.INFO.Signaling force websocket stop..19:23:47.156.ERROR.Socket unable to read..19:23:47.176.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:23:47.176.ERROR.WebSocket connection error getscreen.me/signal/agent..19:26:00.162.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:26:07.588.INFO.Socket connected to getscreen.me:443..19:28:25.161.INFO.Signaling force websocket stop..19:28:25.462.ERROR.Socket
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):139
                                                        Entropy (8bit):4.721506561077505
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:22:44:53.464.INFO.Signaling force websocket stop..22:45:48.212.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):381
                                                        Entropy (8bit):4.952318782852375
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:02:00:15.847.INFO.Signaling force websocket stop..02:00:16.943.INFO.Socket connected to getscreen.me:443..02:00:17.659.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:00:17.690.ERROR.WebSocket connection error getscreen.me/signal/agent..02:02:42.900.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.599341698990738
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:05:17:15.111.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):148
                                                        Entropy (8bit):4.639884172046427
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:08:31:44.542.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:31:50.174.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.949624146331609
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:11:48:23.146.INFO.Signaling force websocket stop..11:48:24.788.ERROR.Socket unable to read..11:48:24.788.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:48:24.788.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.981258149584492
                                                        Encrypted:false
                                                        Malicious:false
                                                        Preview:15:03:09.642.INFO.Signaling force websocket stop..15:05:09.275.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:05:20.453.INFO.Socket connected to getscreen.me:443..15:07:34.567.INFO.Signaling force websocket stop..15:07:34.637.ERROR.Socket unable to read..15:07:34.637.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:07:34.637.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2087
                                                        Entropy (8bit):4.99443036214155
                                                        Encrypted:false
                                                        SSDEEP:24:EkLGStvf0jDAgAMiDGoLtvs/DAoROG5XtvxwczDAo8wZrXG/tvcDXDA3bmGY:El28D6MLohwDHnzuczDmwMVkDKrY
                                                        MD5:1199E3FFF458CEE6E7505EE27F34C715
                                                        SHA1:C88B0E798D5038EA3A732C7C7633D1C129C61219
                                                        SHA-256:E0368F539B2CAF2310E535E75255D6F85C93CB214E194DBAE6C48CA37418C7DD
                                                        SHA-512:17CE51410F9762B2CD6D4528D8286377DE8ACFF97F7DC3254A237CEF53B2C8F6AE9F3DAE5F39009C1F660D6916177C595C9C104143ECD70BE7EC591414E2C49A
                                                        Malicious:false
                                                        Preview:18:22:56.528.INFO.Signaling force websocket stop..18:23:26.917.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:23:28.940.INFO.Socket connected to getscreen.me:443..18:25:50.240.INFO.Signaling force websocket stop..18:25:50.321.ERROR.Socket unable to read..18:25:50.351.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:25:50.351.ERROR.WebSocket connection error getscreen.me/signal/agent..18:28:15.860.INFO.Signaling force websocket stop..18:28:18.199.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:29:45.158.INFO.Socket connected to getscreen.me:443..18:30:32.342.INFO.Signaling force websocket stop..18:30:33.364.ERROR.Socket unable to read..18:30:33.384.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:30:33.384.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2936
                                                        Entropy (8bit):4.983132029466486
                                                        Encrypted:false
                                                        SSDEEP:48:rwD7bduJDTb2bOadDebJ0R6SDqbkyv7A4dLSDElbEPDB7DkYbPEa3:qhqOIF0gV7PdLdlY1zEU
                                                        MD5:142FD8FCF28A32C825F5D045FC1FCDDD
                                                        SHA1:E6797161ABCAE9524FC4FE7CB92E948DEC480FCE
                                                        SHA-256:7947C16E2D7DE08B0AC0D202057387989C48EEDB11DD3FD44895BFFC66FD2281
                                                        SHA-512:71F1E048456ABB8C5D64774A075EEC0B1B2FE452EB11F6ACA19B23DD6F8720F14883A4D94CAFFEE38FDD1CD6FC3A87046A408E0849E589C3A496D0F999D1FF24
                                                        Malicious:false
                                                        Preview:21:57:28.550.INFO.Signaling force websocket stop..21:57:28.811.INFO.Socket connected to getscreen.me:443..21:57:33.783.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:57:33.804.ERROR.WebSocket connection error getscreen.me/signal/agent..21:59:53.623.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:00:13.788.INFO.Socket connected to getscreen.me:443..22:02:17.481.INFO.Signaling force websocket stop..22:02:17.872.ERROR.Socket unable to read..22:02:17.872.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:02:17.872.ERROR.WebSocket connection error getscreen.me/signal/agent..22:04:29.714.INFO.Signaling force websocket stop..22:05:57.077.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:06:02.046.INFO.Socket connected to getscreen.me:443..22:08:21.313
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):5181
                                                        Entropy (8bit):4.990429202560053
                                                        Encrypted:false
                                                        SSDEEP:96:Vkdik06jk0AL0uMSuxd6qhwtegcMl4LsDAT:Vkdik0Ok0ALDEIqhwtevMl4oDAT
                                                        MD5:95EFFE081018596195AD28CB6625AA39
                                                        SHA1:AA0367659044D7D49CEACFF2B7A878B00FF524B3
                                                        SHA-256:4BCE6357CE32512F17993032394934AA2AB9D10478FFEE6CD4C08D34DCF9D119
                                                        SHA-512:93E4BB6BC04F715C7ADE7C670E6872E5A4DE470F88D4DEBEE74BF0AECBF9774F98FAA09FABA0E6564A2ED2A6956E1D0609CA60336EA6536CA425A06C224EFBDE
                                                        Malicious:false
                                                        Preview:01:41:04.390.INFO.Signaling force websocket stop..01:42:28.799.ERROR.Socket unable to read..01:42:28.819.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:42:28.819.ERROR.WebSocket connection error getscreen.me/signal/agent..01:44:54.224.INFO.Signaling force websocket stop..01:46:14.413.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:46:24.324.INFO.Socket connected to getscreen.me:443..01:48:38.641.INFO.Signaling force websocket stop..01:48:38.701.ERROR.Socket unable to read..01:48:38.741.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:48:40.542.ERROR.WebSocket connection error getscreen.me/signal/agent..01:51:03.847.INFO.Signaling force websocket stop..01:51:46.865.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:51:54.254.INFO.Socket c
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.939668260309944
                                                        Encrypted:false
                                                        SSDEEP:12:gQkF7X2ChOAtvvJkNB+NBRQj8P40gBq5QFU3n2ChBtvvn:gQkFKGxtvBkNINjDARAkU32GBtvv
                                                        MD5:8FBDAB484D1771D282FCC5C14330C25E
                                                        SHA1:E617D4CC0E674C6F5A724479A6B399489750A896
                                                        SHA-256:2847D38002C596E0BB2C7FA1859D7A41527E5B60FAAA12FA9C2032DD9A6BDAE3
                                                        SHA-512:3CB0D3B399E2F4E15184098BF12B217AE109372FF09BCFD9407C31EF75CF25AD3C7B93C6A6956499765F89BEB3059B0CE0CAC70AB27D9A39A9A963F1E3DF5CF6
                                                        Malicious:false
                                                        Preview:05:49:48.627.INFO.Signaling force websocket stop..05:50:07.804.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:50:08.293.INFO.Socket connected to getscreen.me:443..05:52:33.261.INFO.Signaling force websocket stop..05:52:34.244.ERROR.Socket unable to read..05:52:34.244.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:52:34.244.ERROR.WebSocket connection error getscreen.me/signal/agent..05:54:38.814.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:54:39.701.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.95697571831345
                                                        Encrypted:false
                                                        SSDEEP:6:4SsiXIX+WgIJU2gzMgf4nZyUud2M0CCQP5K0CknZyQDNBQEQYutLR52XIXNLD4Et:11ogPgoBQj8P409o658x2ChNLVtvvn
                                                        MD5:96689C4F01C1948F4D6AE4937D103D9A
                                                        SHA1:A18A62C845A65537AF335B9D8032C123AD815BFB
                                                        SHA-256:77A498C939CC69CC402DCE1FF608971B5F05274D89C8FD46F12563FE66C43A94
                                                        SHA-512:F378894568D86152F80F8EA62DAEEAEEB73F1A837D4E1E4ED08B72F2340AA28CE3560EFED85ED7E8F325923B1300107793A399EA61EACFD7234CC85BE3A6003D
                                                        Malicious:false
                                                        Preview:09:09:53.412.INFO.Signaling force websocket stop..09:09:56.293.ERROR.Socket unable to read..09:09:56.343.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:09:56.343.ERROR.WebSocket connection error getscreen.me/signal/agent..09:11:22.466.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:11:28.993.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        SSDEEP:3:OfXTrV7NrjmXINF+WgIO0/Vyn:O/TrV75jmXIX+WgIJUn
                                                        MD5:5DFBC41F399E82F85EF0F18E768D5D74
                                                        SHA1:B5E17F4B7B8096C0C43EA5D8C9608E633E9C84BE
                                                        SHA-256:349C849160E2E8E0E14ADD97E3F4AA3049FD120771E5A9BAE8D2C9DA7E7DE70B
                                                        SHA-512:DFC405472BD4BF2B8BFD2C9B3B3158E40EF59CE4A2564D680F0BBC125DE4AD27BDDD162DD4B14A327472590F9F3C527BA9A55184E843BEA207B1D2D26742615E
                                                        Malicious:false
                                                        Preview:12:26:57.048.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.886831253193801
                                                        Encrypted:false
                                                        SSDEEP:3:JKaLtkKZA12W4vgsX+//KKX76VyITHiC1uPLRyOML0HiqM4vgsTAUOg1MGXAELD/:rWMtgkud2M0CCQP5K0CYggDNBQEQ4
                                                        MD5:BA0739E938566A0C9115E61B50BE6095
                                                        SHA1:511A4A75557166435AAD91967183F9B32D72F67B
                                                        SHA-256:A3F7FC3F65F0CAA78173348158BEC5EE8627529A30804A647F6BEB6CC4A928DB
                                                        SHA-512:3A5076E07E9A8BB9613C3E2496607AD6D89FE6ECF09D0FFC1D7359760E80DA9B11BF0AD21A644F5E0ECF9F9F8B5E7BE46842DB3F538388BCE8A56A4622F2B011
                                                        Malicious:false
                                                        Preview:15:41:27.929.ERROR.Socket unable to read..15:41:30.357.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:41:30.357.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.806656707462825
                                                        Encrypted:false
                                                        SSDEEP:3:EfQT9ENriXINF+WgIO0/Vyn:Ee9EN2XIX+WgIJUn
                                                        MD5:B239444A137EC985639E9DB6F73D436C
                                                        SHA1:01FF20CD237CAEB235D9F31431A39781BCEAF501
                                                        SHA-256:76C06717D84050F66CF56B95D5F1F5CC4EDB48E343A3A68D3421832D3F61D16B
                                                        SHA-512:4561EFD8B8A041128206858EE6B1687DDE4067214B17736FCE78C73D9A9CA26E86C41ED4CCDAFFF66347D796B6DA63288336416806E0B4FBBACF94CDB737F0D3
                                                        Malicious:false
                                                        Preview:18:56:07.912.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.957765914969329
                                                        Encrypted:false
                                                        SSDEEP:6:tmGR2XIX+WgIJUFX0ns2XIXNLD4EQhlXo72dzvRWl8RvvfMcT4jX2XIX+WgIJUfC:Ew2PknXChK5tvv+jm3Qj8P40+5T
                                                        MD5:2A6C88F50081C97C603A81A2D135A0A7
                                                        SHA1:476BB0F28AA3966B04C3343902A4373642682AFD
                                                        SHA-256:12BD0B3A553EE0F211A7D36BB6CFA392E4622F8FB96E3CF44788F063D6E0242D
                                                        SHA-512:2F19FAB77028E5C41481381163E0EFBBA2BDDC0FD29825C210CD6EE590FD2495F1EADEF2A16AD63E3D380B8625CDA9BE2F40DD6C181894C06F149596A621C42C
                                                        Malicious:false
                                                        Preview:22:11:21.056.INFO.Signaling force websocket stop..22:11:23.047.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:11:25.550.INFO.Socket connected to getscreen.me:443..22:13:34.965.INFO.Signaling force websocket stop..22:13:35.026.ERROR.Socket unable to read..22:13:35.026.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:13:35.026.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2040
                                                        Entropy (8bit):4.972199661104692
                                                        Encrypted:false
                                                        SSDEEP:48:mAqnlDdkE+OODe5km9gZzsDcDkoWo9KO4ODh5k40qW3:mAqzkEFn5kmqkoWol4G5k40qA
                                                        MD5:0607F8ACE6ADB23CE66FD13B3980E7B4
                                                        SHA1:A104B6FFF2EF0CA4ADD6F9559AB3EE725E2288ED
                                                        SHA-256:CF7EE2DC0C24CA1FA1B037DD0E8FD486308EB182F327A60A3C212E68AC14C8D2
                                                        SHA-512:35BE1EA51C3A466498986897F2DA2C58FCAE608D54C9E0CE3983A77BF1B5BB2D3ADA12338C395D595ED12AC5FDF3664506289A98FC316184579E0B789229B0A5
                                                        Malicious:false
                                                        Preview:01:28:52.073.INFO.Signaling force websocket stop..01:28:52.073.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:28:55.649.INFO.Socket connected to getscreen.me:443..01:31:19.020.INFO.Signaling force websocket stop..01:31:19.140.ERROR.Socket unable to read..01:31:19.171.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:31:19.181.ERROR.WebSocket connection error getscreen.me/signal/agent..01:33:23.428.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:33:23.445.INFO.Socket connected to getscreen.me:443..01:35:47.114.INFO.Signaling force websocket stop..01:35:47.366.ERROR.Socket unable to read..01:35:47.367.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:35:47.367.ERROR.WebSocket connection error getscreen.me/signal/agent..01:37:10.613.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):770
                                                        Entropy (8bit):4.968969459413788
                                                        Encrypted:false
                                                        SSDEEP:12:VATk6lQj8P40B5QVfFr2ChV+r2tvvB2kMSMp1Qj8P40dpG5T:VATk6lDAyOFr2GoitvskjcDAPT
                                                        MD5:EB40B906947491B52A758B5A1661545A
                                                        SHA1:574E32E5FEA44231308E9020C0445023FA973965
                                                        SHA-256:B996A93E7F609FB974488866E5AA0250AB5694810AA224524125E41B8CC58291
                                                        SHA-512:B8ABA3E8F82553FA6611BEA0AF937625548B8A5F573CFB76F958DA2689148A6B889FAC0A70E1D291B46798A901C42C36CD8F495A5564153457FA8D7981A64FB7
                                                        Malicious:false
                                                        Preview:05:01:48.613.INFO.Signaling force websocket stop..05:01:51.489.ERROR.Socket unable to read..05:01:51.489.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:01:51.489.ERROR.WebSocket connection error getscreen.me/signal/agent..05:04:11.626.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:04:17.014.INFO.Socket connected to getscreen.me:443..05:06:34.790.INFO.Signaling force websocket stop..05:06:34.776.ERROR.Socket unable to read..05:06:34.868.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:06:34.868.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.721748002067049
                                                        Encrypted:false
                                                        SSDEEP:3:PFLXXINF+WgIO0/Vyn:lXIX+WgIJUn
                                                        MD5:95A626DDC2C7C738B2E4084F713C3431
                                                        SHA1:F900FF11E613EB1A77C6F2B67177C2381A3FBA7D
                                                        SHA-256:D7F847E2CD90AA3AE19C5CB45193C152FD7E8A0210035C347445256C9908C766
                                                        SHA-512:CFD62AF78848D2BBE904FE5F27FDFF227258258160CEDC3B9925CAF64E62F9BB58048E6956A40604818A37F51B54CFA56BC8DED223792AC3B35679AB5E25DF57
                                                        Malicious:false
                                                        Preview:08:21:10.960.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4212
                                                        Entropy (8bit):4.9945574214026225
                                                        Encrypted:false
                                                        SSDEEP:96:hdapymH+D1HfPHbxNAulBTCWHP1r9XiQZ63T9wS2z:jKymHC1HX7xNAulBTCaN9Xifmnz
                                                        MD5:3C40E6F6337A8D70D03F2C958DA440EA
                                                        SHA1:7C72073F101B63D8E5A9EA7402EB5826CB17257A
                                                        SHA-256:27464EC75AEAF16D80C9D92F5CB2EA375BF90D0644F34EDD1986F3A700C4D923
                                                        SHA-512:416174BCB651B9AEE7F2179678CF4BF339034DB54E0A910A765BA3FC604DF2924393D86D2C4D90F4F65F25EABF5FB0E5103BF177A308B3B57738C906B8D6FAE1
                                                        Malicious:false
                                                        Preview:11:35:53.078.INFO.Signaling force websocket stop..11:38:08.596.INFO.Signaling force websocket stop..11:38:26.577.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:38:51.373.INFO.Socket connected to getscreen.me:443..11:40:51.397.INFO.Signaling force websocket stop..11:40:51.728.ERROR.Socket unable to read..11:40:51.728.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:40:51.728.ERROR.WebSocket connection error getscreen.me/signal/agent..11:43:17.094.INFO.Signaling force websocket stop..11:43:53.562.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:44:35.263.INFO.Socket connected to getscreen.me:443..11:46:16.839.INFO.Signaling force websocket stop..11:46:16.870.ERROR.Socket unable to read..11:46:16.880.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.934120918612349
                                                        Encrypted:false
                                                        SSDEEP:6:8emXIX+WgIJUUaskEMxskEud2M0CCQP5K0C6skADNBQEQ4:8BKasWs6Qj8P40Lsb5T
                                                        MD5:646CE0980AAD94835DB27DD78EF8C662
                                                        SHA1:3EC07AE41F1C439D469EEEC585106EAFDEC4C6EE
                                                        SHA-256:BF3DD174FB32716579FE53CE8BBF94E599D50D3AE6A60F26526041DB48307968
                                                        SHA-512:3EEF4B4F57ACC0ACDD62CBBED0CE1800F265696B48B86673C8E2ED91FCA8E2AFC93D3AB9BCA4598A8E6EAF7EF5035D82DEE8F689097B9742393D4A36F74E8CC1
                                                        Malicious:false
                                                        Preview:15:32:59.429.INFO.Signaling force websocket stop..15:33:09.223.ERROR.Socket unable to read..15:33:09.223.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:33:09.223.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.699513850319967
                                                        Encrypted:false
                                                        SSDEEP:3:EfR9jXXINF+WgIO0/Vyn:E5NXXIX+WgIJUn
                                                        MD5:8AFD5B6CCC1D5DC115286D265BE801EA
                                                        SHA1:7DF95BB005544014327FC6CBBF9FD3967E6DE2AB
                                                        SHA-256:8585CC24C4E4E73BEC5FA0BC5149488CDE98C8E1D3A73010AD8BCFBA18CE36A8
                                                        SHA-512:5B939D9DE32F90D8A95903E8C4C5EEB1C9E4A9EFB026A421B603922861C553202D7A488EA7D517EB4A68870933F190155CB0C0D79A4AEA19D2CF1BFBC0D77161
                                                        Malicious:false
                                                        Preview:18:48:22.313.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1489
                                                        Entropy (8bit):5.003863436719323
                                                        Encrypted:false
                                                        SSDEEP:24:Grd2X2GC/tv1n2TDAfb4CVGTGtvqHDA/bbT9X2GFtvUtm5DAOT:GrdcvCVRKDSbL4muDGbNXv38tEDfT
                                                        MD5:01971282736D025A97B523F792521F16
                                                        SHA1:2E801652E12B11FD93FA6A706478ED53DEC4ADC6
                                                        SHA-256:4F62751687805B292F01B6E8D9FDB1D8247C02E5E8D5EDDB40287036E61C6D48
                                                        SHA-512:3D4698D85D792AEBBBE06F5044415EFAB613266E3D094FB2F2B5EB80CDCBDECD4A08C7FBDEB5A9D6BAD886EAC5E038CB6F9359A9DC01AA151ED1C9C6CA9740A2
                                                        Malicious:false
                                                        Preview:22:03:57.136.INFO.Signaling force websocket stop..22:03:59.166.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:04:13.357.INFO.Socket connected to getscreen.me:443..22:06:26.156.INFO.Signaling force websocket stop..22:06:29.993.ERROR.Socket unable to read..22:06:30.003.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:06:30.003.ERROR.WebSocket connection error getscreen.me/signal/agent..22:08:43.849.INFO.Signaling force websocket stop..22:09:26.122.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:09:57.848.INFO.Socket connected to getscreen.me:443..22:11:51.268.INFO.Signaling force websocket stop..22:11:51.589.ERROR.Socket unable to read..22:11:51.589.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:11:51.589.ERROR.WebSocket connection err
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):4.961305258912479
                                                        Encrypted:false
                                                        SSDEEP:12:TdsXgHmChqtvvmhGgphGPphG6Qj8P40KhGb5T:TdQQmGqtvehGIhShhDAJhyT
                                                        MD5:F8E721477AA14626E9575C3990300A91
                                                        SHA1:8427D36354EBD75F11E66935422B3B8F51C6D8B6
                                                        SHA-256:1A7897C418B02347F4D478FE8FDFFF4603A67F0EE177C626FA2C003BF7C1BBD3
                                                        SHA-512:C1B95220FD7882F46BDB543118D8842462DD3CFE22B71D481B947DEA307BC3C5140847131C737F127208DDC0D02DA380B40B122CF85AC09CD9A0186790ED1D77
                                                        Malicious:false
                                                        Preview:01:34:00.587.INFO.Signaling force websocket stop..01:34:06.962.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:34:16.152.INFO.Socket connected to getscreen.me:443..01:36:30.848.INFO.Signaling force websocket stop..01:36:30.909.ERROR.Socket unable to read..01:36:30.909.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:36:30.909.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):663
                                                        Entropy (8bit):4.914868757703194
                                                        Encrypted:false
                                                        SSDEEP:12:oiUXCh/tvvImGcjQj8P40x5Im4X2ChJXtvvn:hYG/tvgmGcjDASIqGBtvv
                                                        MD5:BCCB15B4B579C8396349D3A0268D1166
                                                        SHA1:048CD296C116B8F44649A0AF641C7EB67CB1B125
                                                        SHA-256:E927AA8646CBB4A262B10DBE80B2140A80D6911B249996E4C65E024B05A0AAFB
                                                        SHA-512:9EBBECCE1FD15D06DDE5CC038A122AB907A2A274E4F5253DC4D2BE933856FCC25B1DD5F351EB0B4A6606950C85C28B09923017CDC471F89A83A8F66F28A0B07D
                                                        Malicious:false
                                                        Preview:04:51:06.870.INFO.Signaling force websocket stop..04:51:51.592.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:51:54.049.INFO.Socket connected to getscreen.me:443..04:54:04.608.INFO.Signaling force websocket stop..04:54:04.909.ERROR.Socket unable to read..04:54:04.929.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:54:04.930.ERROR.WebSocket connection error getscreen.me/signal/agent..04:56:02.084.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:56:10.622.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1827
                                                        Entropy (8bit):4.98968193027069
                                                        Encrypted:false
                                                        SSDEEP:24:MkfW6DAetdGytv5g2QmxDArig/QGStvPXRsIDA+zoGS2tvwXRAh6DA+te+GY:M8W6DhtgWmMDfC2qIDTZSalIDDeXY
                                                        MD5:65FAECED57FB7ABD18ABD76237C8ACC7
                                                        SHA1:F070A774D870FF3D593AEA22969F9D9A9C14F2A7
                                                        SHA-256:F528A2C961F3BED41A8FCCC6BF981CF1234D27D5CCF6760E62F55CA73BEFC822
                                                        SHA-512:90023169F649839E569CF63DA4F3C6DDC697B6EFB1CA89E707B5116BFBEAF7E178443FC19464F171A971025EAE9062AA7EA6DC80577825A2B51DE2CEA572BBCF
                                                        Malicious:false
                                                        Preview:08:11:45.882.INFO.Signaling force websocket stop..08:11:48.656.ERROR.Socket unable to read..08:11:48.656.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:11:48.656.ERROR.WebSocket connection error getscreen.me/signal/agent..08:12:35.305.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:12:37.561.INFO.Socket connected to getscreen.me:443..08:15:00.986.INFO.Signaling force websocket stop..08:15:01.932.ERROR.Socket unable to read..08:15:01.932.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:15:01.932.ERROR.WebSocket connection error getscreen.me/signal/agent..08:17:15.844.INFO.Signaling force websocket stop..08:18:32.244.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:18:37.404.INFO.Socket connected to getscreen.me:443..08:20:57.467.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1447
                                                        Entropy (8bit):4.976297877576524
                                                        Encrypted:false
                                                        SSDEEP:24:drX/tvBDAdS8G+tvbPDAZN2tXGTtvVfDAjHjG/s2tvv:drlZDxxSTDwNg2ZVDOH6Ua3
                                                        MD5:76814E26BFA1EFD6AC2907B8C2E866DF
                                                        SHA1:1E241DB002553C180F32CBB45BF430D7160B1322
                                                        SHA-256:D396EC5002012823963DE198DCB059A87ECF078428C6EE1BA43465E6D5325B03
                                                        SHA-512:80F13B476CDAAB1C3D4ED58C6B294D0245C58B1F286A85F12C133891C2B61EA251F7B648C453D45661986BDB5A296350815C5B12669348FBAF95C4596D5856EC
                                                        Malicious:false
                                                        Preview:11:41:05.243.INFO.Signaling force websocket stop..11:41:06.099.INFO.Socket connected to getscreen.me:443..11:41:07.763.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:41:07.773.ERROR.WebSocket connection error getscreen.me/signal/agent..11:43:15.490.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:43:23.513.INFO.Socket connected to getscreen.me:443..11:45:38.829.INFO.Signaling force websocket stop..11:45:39.120.ERROR.Socket unable to read..11:45:39.120.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:45:39.120.ERROR.WebSocket connection error getscreen.me/signal/agent..11:47:58.936.INFO.Signaling force websocket stop..11:49:12.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:49:17.953.INFO.Socket connected to getscreen.me:443..11:51:38.022
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.937561927924814
                                                        Encrypted:false
                                                        SSDEEP:6:SSqXXIX+WgIJUUM4aHMPKUud2M0CCQP5K0CsKQDNBQEQ4:7qXKx0BQj8P40s65T
                                                        MD5:64151BEBAC65262AAF352DFF0DE7C5E9
                                                        SHA1:B13D4EB29185D3DD3284C136D3937495FAE1E9F3
                                                        SHA-256:1BD41E187D3FB175EF734EB9CD5157361A7AF4726FB759CC1FC6ED11B4B0FC80
                                                        SHA-512:1DBBAFEB586510DD1DD6568B2B850A78BEA385745B0609FA539E3543DB28F3FE30728AC1C125C82AC9D45D4006B5CA40A0C1AA54DD7C245CB8184ECFA7123CA5
                                                        Malicious:false
                                                        Preview:15:09:08.683.INFO.Signaling force websocket stop..15:09:13.125.ERROR.Socket unable to read..15:09:13.185.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:09:13.185.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2555
                                                        Entropy (8bit):5.0014535840421726
                                                        Encrypted:false
                                                        SSDEEP:48:EHLxEakD79no7pDjitag6D4H61wDmFD0bDE51vh3:WxUpSi5HOD55x9
                                                        MD5:CE922095026E50EAD767E2FB258F088D
                                                        SHA1:7AF24EEFD39C72409AF0F5A8B3FC1ADFE332A831
                                                        SHA-256:33F6037876BA7C6B69C4D6307A922B6246FFD945AF124321F7C576BB2461F94F
                                                        SHA-512:B93BAF561B010DDF84ACEF33F7E2A902731C4EB291F9583D3A8F1366C810D7669D5638602D289361C40312B1FF0DC05368F16E7037441732A8D3514BB03313DE
                                                        Malicious:false
                                                        Preview:18:24:21.590.INFO.Signaling force websocket stop..18:24:55.027.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:26:05.996.INFO.Socket connected to getscreen.me:443..18:27:09.060.INFO.Signaling force websocket stop..18:27:09.331.ERROR.Socket unable to read..18:27:09.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:27:09.361.ERROR.WebSocket connection error getscreen.me/signal/agent..18:29:33.370.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:29:42.999.INFO.Socket connected to getscreen.me:443..18:31:57.339.INFO.Signaling force websocket stop..18:31:57.650.ERROR.Socket unable to read..18:31:58.171.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:31:58.171.ERROR.WebSocket connection error getscreen.me/signal/agent..18:34:18.844.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):459
                                                        Entropy (8bit):4.961457477265332
                                                        Encrypted:false
                                                        SSDEEP:6:Gxds2XIX+WgIJUmM9ud2M0CCQP5K0C+oDNBQEQaX3XFr2XIXNLD4EQh97dzvRWlG:G7X2Qj8P40u5bHX12Chktvvn
                                                        MD5:4C6BCA05DEC8786A1D6F323EDB793383
                                                        SHA1:B60413EC6F4FFAB4426CAF9E9C1D8B80015B48FF
                                                        SHA-256:26E0AECD9B38978AA9E5A34A5EC512248CAD33C40737EFB5025B4D1055116741
                                                        SHA-512:B466A2BFE26DAC10A183872D44615A2D92F0B357A84455FDAD248AB38A6E449E3795D5E7C18C28F27FB340AF7041A434DA9D72423EC9626120F883054758B507
                                                        Malicious:false
                                                        Preview:22:03:55.467.INFO.Signaling force websocket stop..22:03:58.707.ERROR.Socket unable to read..22:03:58.737.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:03:58.738.ERROR.WebSocket connection error getscreen.me/signal/agent..22:05:41.026.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:05:44.172.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.925124807060796
                                                        Encrypted:false
                                                        SSDEEP:6:g2OXXIX+WgIJU+/a8bMofXM3Eud2M0CCQP5K0CLM3ADNBQEQ4:fSgi8PUQj8P40Wd5T
                                                        MD5:85BDEFD35198A4A02945142892ED8991
                                                        SHA1:626E67167FE6443FA3B5DE01BB04D2C98A1D9ACC
                                                        SHA-256:9A46BBC7B8795580A6EF45727D1F683042DAE890A83611E07A3E58A702EDDB3E
                                                        SHA-512:028766E2D7DDA6F9D676775481F6093F205846A35C3F9A709E0910B85E39C67ED94E9F8583C7EED7E82AFB450E48CE3D352274211A0F45AFDFC6F0A30144D4B2
                                                        Malicious:false
                                                        Preview:01:21:17.273.INFO.Signaling force websocket stop..01:21:19.932.ERROR.Socket unable to read..01:21:19.943.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:21:19.943.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        SSDEEP:3:cLS6sXXINF+WgIO0/Vyn:VXIX+WgIJUn
                                                        MD5:34BD2DACBD5A483FD8E1FB847E8EDF07
                                                        SHA1:6FE4D7BE5101D4A9F12FF7C1EBF8D3BF6FEA6DC0
                                                        SHA-256:5EBD75F922BF287CAAEDD12E780DF5F8CC211E82480D8E72D83FC67C2997F118
                                                        SHA-512:D5A0BCACEFBC52DB64B8309D09C92BF0D7B92F957AF913EC729D0FAFDDF8155411962DE426D09E0124887722A696FC7CE18D69808C7903742E3D684E2789F04F
                                                        Malicious:false
                                                        Preview:04:36:11.749.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.80376979739616
                                                        Encrypted:false
                                                        SSDEEP:6:SQ7cXIX+WgIJU4Z82XIXNLD4EQO7br2dzvRWl8RvvqwCNriXIX+WgIJUn:SAcG82ChR7br2tvvb5
                                                        MD5:E77D80E0A9EF6D5252F5AA310A4A8A5F
                                                        SHA1:6ED318E66D603BCE1673D7ED10DAD639D2498F91
                                                        SHA-256:D242E2829BE0D7BDC620FA860DAFCBC8903B1BA9077553CE7C271A02DC6ACF88
                                                        SHA-512:58EFD34B4813C9A7016064F4765C00CDDFC5562D3C4F02B59DBF4AFB509CF6E72EEA9757FEF1637653E687576EF5F51044ADD630181D241EC4F3A7FD8ED3EA26
                                                        Malicious:false
                                                        Preview:07:51:11.940.INFO.Signaling force websocket stop..07:51:15.166.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:51:15.424.INFO.Socket connected to getscreen.me:443..07:53:27.052.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.852095261750017
                                                        Encrypted:false
                                                        SSDEEP:6:H4RO3EMuy3Eud2M0CCQP5K0CTy3ADNBQEQ4:8TyBQj8P404y65T
                                                        MD5:0D8D33B1573442B2890EF7CA1ADF560D
                                                        SHA1:83ABF3A8DA99829473AD58A6BB9CA1CE7B9B7FDE
                                                        SHA-256:8AF48D127DB481F499697AF0AEF707F9B7B17E91A808BB1B1A77233B0B12B4DC
                                                        SHA-512:8A39ED16D3BC316EE985C45FEC243F585BE91ED965619FB06393418DE6C22CD72D1E1E73882BA33D840F939409F979233EB8E177A0340D34C5C92E966CE6B0EB
                                                        Malicious:false
                                                        Preview:11:07:54.943.ERROR.Socket unable to read..11:07:58.020.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:07:58.020.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.753605806646321
                                                        Encrypted:false
                                                        SSDEEP:6:IA8XXIX+WgIJUULiXIX+WgIJUUYs2XIXNLD4EQqridzvRWl8Rvvn:IAUKLiKYXChDritvvn
                                                        MD5:CD798CED0E13CCCAFB1AC49AFD9D5EF1
                                                        SHA1:01A8D4FD7431A95CAAECD2DBE595713A685BC64D
                                                        SHA-256:D94438C1855D3E571CBD6665FCCCB3275CFFF0F23D1CE04ACD085859FB6D8425
                                                        SHA-512:289712CD4275E8C2D80C9C762855DBB2A48499A8C8EE4CFC24B2A41B4920DB19B56396472970DC37FAAFD6709BA4DDB0429C359B099C2976AFA38523AE25E265
                                                        Malicious:false
                                                        Preview:14:22:43.213.INFO.Signaling force websocket stop..14:25:11.478.INFO.Signaling force websocket stop..14:25:15.847.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:25:22.571.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):311
                                                        Entropy (8bit):4.929866876491596
                                                        Encrypted:false
                                                        SSDEEP:6:FWt2XIX+WgIJUU3yMYud2M0CCQP5K0C7DNBQEQ4:O2KxQj8P40g5T
                                                        MD5:06710ADF2A8334BE814A68B2079D37D2
                                                        SHA1:2089182A4324640394E57C2074074C562DF44CD5
                                                        SHA-256:447FA328C2CA117F768D693757EBCCBD97350806AA18EDA3609161020AD359F9
                                                        SHA-512:B81750923D91E6959401142DAFD7AE426182122F78FE3DD2B76047A661EB4AB84AB20B1E44EC5FF7A689B0CF942F76AB32B29F6D5DB5FC13585621AC2642E29F
                                                        Malicious:false
                                                        Preview:17:41:00.594.INFO.Signaling force websocket stop..17:41:14.546.ERROR.Socket unable to read..17:41:14.576.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:41:14.576.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):4.807924856863298
                                                        Encrypted:false
                                                        SSDEEP:6:KX4R2XIX+WgIJUogXIXNLD4EQE33rr2dzvRWl8Rvvyt6XiXIX+WgIJUn:o4QygChFLr2tvvyp5
                                                        MD5:634254D061C371AC5E7367BD4E492512
                                                        SHA1:CF24CE4808A94B02F15C5CC30F2C994E420AC70A
                                                        SHA-256:E83C0A2C0C641982E5028976CBE644A275AB220ABB17B164D386413F72C74311
                                                        SHA-512:7CB3873F04BEC91C3D9E600AC89D647A7D310887A7A1EFD6D8456078A965D4C4300F9CFAFA5408EA1BA24BCB6AFE3B2940DB54664C4C9B4C890F4F0DC3C5DC04
                                                        Malicious:false
                                                        Preview:20:58:03.765.INFO.Signaling force websocket stop..20:58:06.640.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:00:18.434.INFO.Socket connected to getscreen.me:443..21:02:02.238.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1173
                                                        Entropy (8bit):4.956049274942903
                                                        Encrypted:false
                                                        SSDEEP:24:jLRDAuCMSQGVntvEqrDApjWGAWFtvw2u9DA7GT:fRDzCMOVt9rDAjPz3ADvT
                                                        MD5:E5EA2C6104B4D107056AB2E604442561
                                                        SHA1:C7001595F86475A6509F409E0BFD14F360DD0AE0
                                                        SHA-256:5F81E938D9F392AA4CBAAB71175B367AFFABE9DD958F41FA7F8F3D043741DA81
                                                        SHA-512:50E0A2E7A55A0495B3AACE9D4205DA5DFF6A6C904F10EB76B57A5CEA9FFADCA4A1025565D54BBEF3E0B7FFBE09FBB9941765FB93953797D152A6F20609EAAC24
                                                        Malicious:false
                                                        Preview:00:16:52.631.ERROR.Socket unable to read..00:17:30.643.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:17:30.643.ERROR.WebSocket connection error getscreen.me/signal/agent..00:18:40.274.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:18:40.519.INFO.Socket connected to getscreen.me:443..00:20:54.429.INFO.Signaling force websocket stop..00:20:58.747.ERROR.Socket unable to read..00:20:58.788.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:20:58.788.ERROR.WebSocket connection error getscreen.me/signal/agent..00:23:04.933.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:23:53.399.INFO.Socket connected to getscreen.me:443..00:25:30.323.INFO.Signaling force websocket stop..00:25:31.796.ERROR.Socket unable to read..00:25:31.826.ERROR.SSL
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):10490
                                                        Entropy (8bit):4.979217858305487
                                                        Encrypted:false
                                                        SSDEEP:192:8C46NQz/RZJq5w8AFDmLD7q8CpI1xo3JyxdrOOh7C8MysbOQ1oQDdpET:Nq8cb9y
                                                        MD5:331A12D419DFEDF99036A4D30FBD5A26
                                                        SHA1:AEBA8CC31F0EC7837AD1A53744DD240A69B6A369
                                                        SHA-256:21A82288343401DD597A8BC963DD8A1B285EAD75EC4F1E8D7D85613667625192
                                                        SHA-512:1B9999C3CB99B1B55716F5219E53BD404AADACD83E264792CEF0B4952AB8412C7C81140FBC1BCB3BB718356CDEE0419D6AAAE5C2656963ACB971AFE498228024
                                                        Malicious:false
                                                        Preview:03:40:25.149.INFO.Signaling force websocket stop..03:40:43.844.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:41:28.190.INFO.Socket connected to getscreen.me:443..03:43:34.532.INFO.Signaling force websocket stop..03:43:34.555.ERROR.Socket unable to read..03:43:34.555.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:43:34.555.ERROR.WebSocket connection error getscreen.me/signal/agent..03:44:30.043.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:44:30.732.INFO.Socket connected to getscreen.me:443..03:46:48.648.INFO.Signaling force websocket stop..03:46:52.138.ERROR.Socket unable to read..03:46:52.480.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:46:52.480.ERROR.WebSocket connection error getscreen.me/signal/agent..03:48:44.386.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.958638320822899
                                                        Encrypted:false
                                                        SSDEEP:12:Bya0mChujxtvvB0M6Qj8P40hMb5fpGXChgtvvn:YazGujxtvpoDA3fpyGgtvv
                                                        MD5:8AD910CA1E20A38894E4AA1027D05F81
                                                        SHA1:7061F1C67B70580FD71C0211D1101D99B2BA2B74
                                                        SHA-256:42CA8C5DA07D3AF5D904E965341B6E6CF99A9EE98CF0342A35C9BACDA6E6B76F
                                                        SHA-512:6C2772A073B4A3D3F191012DBEFC8471BB62784DA8830BE0221660046CECC3326AE4BCFDA45B3071448D3372CD1DF88BD0DC464DF3122197725A6CA431B9A6E3
                                                        Malicious:false
                                                        Preview:08:33:07.252.INFO.Signaling force websocket stop..08:33:47.045.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:34:16.243.INFO.Socket connected to getscreen.me:443..08:36:12.702.INFO.Signaling force websocket stop..08:36:12.782.ERROR.Socket unable to read..08:36:12.822.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:36:12.822.ERROR.WebSocket connection error getscreen.me/signal/agent..08:38:38.261.INFO.Signaling force websocket stop..08:38:54.075.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:39:01.008.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):3289
                                                        Entropy (8bit):5.002837687112033
                                                        Encrypted:false
                                                        SSDEEP:48:2DO5OMZYhODOtByvdLYc+DUPf0KRDiCELkJFDK/ztuyWDbrqdDET:rOsIPoFp7P1EL8E/ztOrFT
                                                        MD5:79FF56D446D85F514121AA27C9DED191
                                                        SHA1:DAA1CE0C3CB2E4D70F166F719F59CE728BEAB1B5
                                                        SHA-256:0F4555529791BF2B1E9CAB54CE59DC95A3F777317FFA939F2F871FE5AD7DF6A7
                                                        SHA-512:65986A650317ADC3F4CD084EA5D2FD59F0B5E9E3DAEB100D02C940D4A0A08D9A71723D60DADB08A7056E35A6DACEACB70DCB5B993071E4AAF57DADCB767B9D67
                                                        Malicious:false
                                                        Preview:11:54:50.032.INFO.Signaling force websocket stop..11:54:59.952.ERROR.Socket unable to read..11:54:59.982.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:54:59.982.ERROR.WebSocket connection error getscreen.me/signal/agent..11:56:41.577.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:57:51.248.INFO.Socket connected to getscreen.me:443..11:58:55.467.INFO.Signaling force websocket stop..11:58:55.527.ERROR.Socket unable to read..11:58:55.567.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:58:55.568.ERROR.WebSocket connection error getscreen.me/signal/agent..12:01:20.936.INFO.Signaling force websocket stop..12:01:26.615.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:01:29.324.INFO.Socket connected to getscreen.me:443..12:04:28.655.INFO.Signalin
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):719
                                                        Entropy (8bit):4.939126568927212
                                                        Encrypted:false
                                                        SSDEEP:12:rK7KBUQChYtvvKPK/lxQj8P40dK5/s2Chf2tvvn:rOEFGYtvkkxDAYi/s2Gf2tvv
                                                        MD5:715687BDF5746C8C7C9CF03DE1FBCF9E
                                                        SHA1:513C4EA794CFF8DEB7EE7A656C1C8EFD3088AA1F
                                                        SHA-256:CFC4F41FF4E73662962828F365EC442CB8887A91A7D0302F759FF7F6DEE6FCA7
                                                        SHA-512:9C5DE82581D8EABF49F04099BAEC57D52FAE30C5F71F0A2022D7BD237F0FB9988EEABD51D236EFF24F2B8D23B8E2840469104A07E73E342D5E4F8718BED98574
                                                        Malicious:false
                                                        Preview:15:39:44.333.INFO.Signaling force websocket stop..15:42:13.110.INFO.Signaling force websocket stop..15:42:25.661.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:42:27.927.INFO.Socket connected to getscreen.me:443..15:44:50.630.INFO.Signaling force websocket stop..15:44:51.041.ERROR.Socket unable to read..15:44:51.051.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:44:51.051.ERROR.WebSocket connection error getscreen.me/signal/agent..15:46:44.256.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:46:55.517.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):56
                                                        Entropy (8bit):4.770942421748538
                                                        Encrypted:false
                                                        SSDEEP:3:FmZ3mXINF+WgIO0/Vyn:qmXIX+WgIJUn
                                                        MD5:EC0DD9F04C7B4C64BA9A78AA188654AE
                                                        SHA1:B8B5F76FC135CBD19FCDFE0EFD21E9C34CB94A32
                                                        SHA-256:524125B56BF16926AE2CF5A6AC28C57F5B8FA549EFFC6A325AECFF40A7C66263
                                                        SHA-512:5C56E76439A7E2FFE9DFBC3160B384ADF55C83C97CEF01DCEB5DC38228EB86E4A9F1493F0895BC3567B903E0F44BDF0AE7EEB644F0DFD987CAAD7A5101AED617
                                                        Malicious:false
                                                        Preview:19:03:30.748.INFO.Signaling force websocket stop..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):4.862655578541328
                                                        Encrypted:false
                                                        SSDEEP:3:/pGsMXKZA12HfFfF9sX+//KKX76VyITHiC1uPLRyOML0Hi+NfF9sTAUOg1MGXAEX:SMvF9kud2M0CCQP5K0C+NF9gDNBQEQ4
                                                        MD5:8FEF0CB41FF37A6EA9B64E79178F1E21
                                                        SHA1:62DD1FE7E232EF17E8CFD31EDA81797A698B60EF
                                                        SHA-256:29095607ED87164626245E008C28BF425603550D28B734FF77F07B2A497CCA58
                                                        SHA-512:D417102EF4CCD501B469B66A9940818273F43CF5AFDECDAD3FDF47FEE7CC36EB8B41308398511E1B40ADB8F68D45C6ED45831D7189145A3B04B6D7DF180D4606
                                                        Malicious:false
                                                        Preview:22:19:17.237.ERROR.Socket unable to read..22:19:20.815.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:19:20.815.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):204
                                                        Entropy (8bit):4.769988844836253
                                                        Encrypted:false
                                                        SSDEEP:6:gW5X2XIX+WgIJU+vgsn2XIXNLD4EQOiEN2dzvRWl8Rvvn:T5mgvp2ChKEQtvvn
                                                        MD5:2BCEFA5D1D938CDB2C5B597400A4BB70
                                                        SHA1:E8A2231CE3BE910A3E3C4D41D81DFDDCAB779524
                                                        SHA-256:C933AA5FE6A2D106181BB19ECBBC6D15EBB164B7BCCCFA59461A8DF903A5C67E
                                                        SHA-512:A71122A13F49E716CA3BAAD7D54B358818E0F4A6F25658FF456B0B03591A8ECF913CD6AF7ED095EEFEEE96A2252B19691C6034EE234E1434C6B9787082FC8D2B
                                                        Malicious:false
                                                        Preview:01:35:47.527.INFO.Signaling force websocket stop..01:36:01.015.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:36:07.318.INFO.Socket connected to getscreen.me:443..
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16777512
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3::
                                                        MD5:8CCA8765BA082ECC53E001B1D237A8EE
                                                        SHA1:DE616FFC2282B6E4D6D2EC1524DCBE2CD8F270F7
                                                        SHA-256:46D9D79B8BE089ABF16344F1E491613D6710B051EC184A69AC183C349BD71746
                                                        SHA-512:9D884A535930529684E88DDB3AEA26964A5CA984CC07DE6EFE2BFDA6CA5F5D437C521E61ACED07E9379A8337BB1892F13CA67592D8E1E6673CCDBBD89E17DE40
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                        Category:dropped
                                                        Size (bytes):3654448
                                                        Entropy (8bit):7.931173526975996
                                                        Encrypted:false
                                                        SSDEEP:98304:I2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5NM:I2ez4o0OmyVnvKLw
                                                        MD5:DE8E90D5C46A3380029FB62D92744F41
                                                        SHA1:E915793CE37D0875714A0DC6F20DA55124BC8F80
                                                        SHA-256:D46919FDDB23E71C0E711EDCD9FB2974328C12DD71758AEAA17DE02DAC73D37B
                                                        SHA-512:A3AC78D1CB12DFC2BC680609E3755AE20F6263A8E49E983660B5C9205C822A445A4AACA3373474815D2D655E6BD4DF296B46611EB178A8E6F59C010C7EB98459
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 1%, Browse
                                                        Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......iI/.-(AD-(AD-(ADfPBE.(AD.D)(AD.EE5(AD9WEE.(AD-(AD./ADfPFE,(AD.BE3(AD.DE](ADfPEE.(ADfPDE.(ADfPGE/(ADfP@En(AD-(@D.*AD>.HE.(AD>.AE,(AD>..D,(AD-(.D,(AD>.CE,(ADRich-(AD........................PE..L..../.f...............(.P7..P....=..)u...=..0u...@...........................u.......8...@..............................U..Pju......0u.P:............7.0/...qu. ............................+u.....<,u.............................................UPX0......=.............................UPX1.....P7...=..N7.................@....rsrc....P...0u..B...R7.............@..............................................................................................................................................................................................................................................................................................................4.22.UPX!....
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):64
                                                        Entropy (8bit):5.800704882778696
                                                        Encrypted:false
                                                        SSDEEP:3:BvmbL2JfG3bIOMpFl8g:qCfG3bROFz
                                                        MD5:C8BAC445210799646E9D4AE84158BC2A
                                                        SHA1:6FC2BDD1340A81902B61DEB9F55C5FA4E05AFB34
                                                        SHA-256:024A09E86D8ED8F712EAB34F677EF0742075AC5CBC6A3946804690FB899BAAAF
                                                        SHA-512:0ABEF1228720F28722FFFE2C3A5FD4592CE55F767D7B62F0B74E6E92DF89F284DDE7789EDA058B8A49D734EF3DBE4961F50CE4C74F1411CAA997E498D16D6201
                                                        Malicious:false
                                                        Preview:...J.+.q....:.OTV..$....l...7......,.6.<.....2.8UO..u.C/.A{;
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                        Entropy (8bit):7.931173526975996
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.66%
                                                        • UPX compressed Win32 Executable (30571/9) 0.30%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:getscreen-456311346-x86.exe
                                                        File size:3'654'448 bytes
                                                        MD5:de8e90d5c46a3380029fb62d92744f41
                                                        SHA1:e915793ce37d0875714a0dc6f20da55124bc8f80
                                                        SHA256:d46919fddb23e71c0e711edcd9fb2974328c12dd71758aeaa17de02dac73d37b
                                                        SHA512:a3ac78d1cb12dfc2bc680609e3755ae20f6263a8e49e983660b5c9205c822a445a4aaca3373474815d2d655e6bd4df296b46611eb178a8e6f59c010c7eb98459
                                                        SSDEEP:98304:I2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5NM:I2ez4o0OmyVnvKLw
                                                        TLSH:EB0633E1ED6939A1D33D5CB8112B56BD73FAA03658FE23C78A1D9B219E347028F52113
                                                        File Content Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......iI/.-(AD-(AD-(ADfPBE.(AD...D)(AD..EE5(AD9WEE.(AD-(AD./ADfPFE,(AD..BE3(AD..DE](ADfPEE.(ADfPDE.(ADfPGE/(ADfP@En(AD-(@D.*AD>.HE.(A
                                                        Icon Hash:418c6963696c9643
                                                        Entrypoint:0x1b529e0
                                                        Entrypoint Section:UPX1
                                                        Digitally signed:true
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x66912FD6 [Fri Jul 12 13:29:58 2024 UTC]
                                                        TLS Callbacks:0x1b52bd3
                                                        CLR (.Net) Version:
                                                        OS Version Major:6
                                                        OS Version Minor:0
                                                        File Version Major:6
                                                        File Version Minor:0
                                                        Subsystem Version Major:6
                                                        Subsystem Version Minor:0
                                                        Import Hash:26c6aff4250b45d1c4ee6d86013ea70c
                                                        Signature Valid:true
                                                        Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                        Signature Validation Error:The operation completed successfully
                                                        Error Number:0
                                                        Not Before, Not After
                                                        • 28/05/2024 14:50:28 28/06/2026 15:36:10
                                                        Subject Chain
                                                        • CN=POINT B LTD, O=POINT B LTD, L=Limassol, S=Limassol, C=CY, OID.1.3.6.1.4.1.311.60.2.1.3=CY, SERIALNUMBER=HE 430957, OID.2.5.4.15=Private Organization
                                                        Version:3
                                                        Thumbprint MD5:9B083870477F4699693EEECABF351BF8
                                                        Thumbprint SHA-1:B3C999E29AED18DEA59733F3CAA94E788B1AC3A1
                                                        Thumbprint SHA-256:3E73B7C28C18DC6A03B9816F200365F1DF1FF80A7BD0D55DB920F1B24BBD74E7
                                                        Serial:7AE0E9C1CFE2DCE0E21C4327
                                                        Instruction
                                                        pushad
                                                        mov esi, 017DE000h
                                                        lea edi, dword ptr [esi-013DD000h]
                                                        push edi
                                                        or ebp, FFFFFFFFh
                                                        jmp 00007F6DE47C0212h
                                                        nop
                                                        nop
                                                        nop
                                                        nop
                                                        nop
                                                        nop
                                                        mov al, byte ptr [esi]
                                                        inc esi
                                                        mov byte ptr [edi], al
                                                        inc edi
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        jc 00007F6DE47C01EFh
                                                        mov eax, 00000001h
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        adc eax, eax
                                                        add ebx, ebx
                                                        jnc 00007F6DE47C020Dh
                                                        jne 00007F6DE47C022Ah
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        jc 00007F6DE47C0221h
                                                        dec eax
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        adc eax, eax
                                                        jmp 00007F6DE47C01D6h
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        adc ecx, ecx
                                                        jmp 00007F6DE47C0254h
                                                        xor ecx, ecx
                                                        sub eax, 03h
                                                        jc 00007F6DE47C0213h
                                                        shl eax, 08h
                                                        mov al, byte ptr [esi]
                                                        inc esi
                                                        xor eax, FFFFFFFFh
                                                        je 00007F6DE47C0277h
                                                        sar eax, 1
                                                        mov ebp, eax
                                                        jmp 00007F6DE47C020Dh
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        jc 00007F6DE47C01CEh
                                                        inc ecx
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        jc 00007F6DE47C01C0h
                                                        add ebx, ebx
                                                        jne 00007F6DE47C0209h
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        adc ecx, ecx
                                                        add ebx, ebx
                                                        jnc 00007F6DE47C01F1h
                                                        jne 00007F6DE47C020Bh
                                                        mov ebx, dword ptr [esi]
                                                        sub esi, FFFFFFFCh
                                                        adc ebx, ebx
                                                        jnc 00007F6DE47C01E6h
                                                        add ecx, 02h
                                                        cmp ebp, FFFFFB00h
                                                        adc ecx, 02h
                                                        lea edx, dword ptr [eax+eax]
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x820d90 | 0x5500 | UPX0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1756a50 | 0x6c0 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1753000 | 0x3a50 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x379400 | 0x2f30 | UPX0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1757110 | 0x20 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x1752bf4 | 0x18 | UPX1
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1752c3c | 0xc0 | UPX1
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        UPX0 | 0x1000 | 0x13dd000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        UPX1 | 0x13de000 | 0x375000 | 0x374e00 | a216f7d1a8e4e14b94fdfbca52f7b652 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .rsrc | 0x1753000 | 0x5000 | 0x4200 | 5871e1397e577651929aa76b50980e16 | False | 0.4675662878787879 | data | 5.104875966236682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        AFX_DIALOG_LAYOUT | 0x168ca98 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168caa0 | 0x2 | Non-ISO extended-ASCII text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cb08 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x16d4db0 | 0x2 | ASCII text, with no line terminators | | | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168caa8 | 0x2 | ISO-8859 text, with CR line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cb00 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cb10 | 0x2a | DOS executable (COM, 0x8C-variant) | Russian | Russia | 1.2142857142857142
                                                        AFX_DIALOG_LAYOUT | 0x168cb40 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                                        AFX_DIALOG_LAYOUT | 0x168cb68 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                                        AFX_DIALOG_LAYOUT | 0x168cb90 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                                        AFX_DIALOG_LAYOUT | 0x168cbb8 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                                        AFX_DIALOG_LAYOUT | 0x168cbe0 | 0x2a | data | Russian | Russia | 1.2142857142857142
                                                        AFX_DIALOG_LAYOUT | 0x168cc10 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc28 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc20 | 0x2 | data | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc18 | 0x2 | ASCII text | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc30 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc38 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc40 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x16d4ff0 | 0x2 | ISO-8859 text, with no line terminators | English | United States | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc48 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc50 | 0x2 | data | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc58 | 0x2 | data | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc60 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc68 | 0x2 | data | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc70 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cab0 | 0x42 | data | Russian | Russia | 1.1666666666666667
                                                        AFX_DIALOG_LAYOUT | 0x168caf8 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                                        AFX_DIALOG_LAYOUT | 0x168cc78 | 0x2 | ISO-8859 text, with no line terminators, with overstriking | Russian | Russia | 5.0
                                                        INI | 0x16d3a18 | 0xa | data | Russian | Russia | 1.8
                                                        LANG | 0x16ace60 | 0x1b82 | data | Russian | Russia | 0.8660891792104516
                                                        LANG | 0x16ae9e8 | 0x26fb | data | Russian | Russia | 0.950796673013328
                                                        LANG | 0x16b10e8 | 0x1e2b | data | Russian | Russia | 0.9835556131037162
                                                        LANG | 0x16b2f18 | 0x1e5d | data | Russian | Russia | 0.9994853981731635
                                                        LANG | 0x16b4d78 | 0x1ca1 | data | Russian | Russia | 0.9953608950743621
                                                        LANG | 0x16b6a20 | 0x21fd | data | Russian | Russia | 0.983794966095851
                                                        LANG | 0x16b8c20 | 0x1de4 | data | Russian | Russia | 0.9225039205436487
                                                        LANG | 0x16baa08 | 0x1a50 | data | Russian | Russia | 0.962143705463183
                                                        LANG | 0x16bc458 | 0x1d25 | data | Russian | Russia | 0.9987937273823885
                                                        LANG | 0x16be180 | 0x1e03 | data | Russian | Russia | 0.9980476376415462
                                                        LANG | 0x16e7c38 | 0x1ddc | data | English | United States | 0.9955520669806384
                                                        OPUS | 0x16bff88 | 0xa5e5 | data | Russian | Russia | 0.9886505451034873
                                                        OPUS | 0x16ca570 | 0x94a4 | data | Russian | Russia | 0.978082623777988
                                                        RT_ICON | 0x168cc80 | 0x139 | data | Russian | Russia | 1.035143769968051
                                                        RT_ICON | 0x168cdc0 | 0x1ef | data | Russian | Russia | 1.0222222222222221
                                                        RT_ICON | 0x168cfb0 | 0x225 | data | Russian | Russia | 1.0200364298724955
                                                        RT_ICON | 0x168d1d8 | 0x26b | OpenPGP Public Key | Russian | Russia | 1.0177705977382876
                                                        RT_ICON | 0x168d448 | 0x326 | data | Russian | Russia | 1.0136476426799008
                                                        RT_ICON | 0x168d770 | 0x402 | data | Russian | Russia | 1.010721247563353
                                                        RT_ICON | 0x17550f0 | 0x13b | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.034920634920635
                                                        RT_ICON | 0x1755230 | 0x1c5 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0242825607064017
                                                        RT_ICON | 0x17553fc | 0x1ee | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0222672064777327
                                                        RT_ICON | 0x17555f0 | 0x253 | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0184873949579831
                                                        RT_ICON | 0x1755848 | 0x2e7 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0148048452220726
                                                        RT_ICON | 0x1755b34 | 0x3ad | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0116896918172158
                                                        RT_ICON | 0x168ea20 | 0xac | data | Russian | Russia | 1.063953488372093
                                                        RT_ICON | 0x168eae8 | 0x159 | data | Russian | Russia | 1.0318840579710145
                                                        RT_ICON | 0x168ec48 | 0x1e6 | data | Russian | Russia | 1.022633744855967
                                                        RT_ICON | 0x168ee30 | 0x1f6 | data | Russian | Russia | 1.0219123505976095
                                                        RT_ICON | 0x168f028 | 0x26d | data | Russian | Russia | 1.0177133655394526
                                                        RT_ICON | 0x168f298 | 0x31b | data | Russian | Russia | 1.0138364779874214
                                                        RT_ICON | 0x168f5b8 | 0x3e7 | data | Russian | Russia | 1.011011011011011
                                                        RT_ICON0x168fa000xddDOS executable (COM)RussianRussia1.0497737556561086
                                                        RT_ICON0x168faf80x10fdataRussianRussia1.040590405904059
                                                        RT_ICON0x168fc200x25a8dataRussianRussia0.999896265560166
                                                        RT_ICON0x16921e00x12ddataRussianRussia1.0365448504983388
                                                        RT_ICON0x16923280x106dataRussianRussia1.0419847328244274
                                                        RT_ICON0x16924480x109dataRussianRussia1.0415094339622641
                                                        RT_ICON0x16925700x171dataRussianRussia1.029810298102981
                                                        RT_ICON0x16927000x109ddataRussianRussia1.0025864095932282
                                                        RT_ICON0x16937b80xdd9dataRussianRussia1.0031029619181946
                                                        RT_ICON0x16945b00xc0edataRussianRussia1.0035644847699288
                                                        RT_ICON0x16951d80xb91dataRussianRussia1.0037149611617697
                                                        RT_ICON0x1695d880xdd9dataRussianRussia1.0031029619181946
                                                        RT_ICON0x1696b800x11cdataRussianRussia1.0387323943661972
                                                        RT_ICON0x1696cb80x116dataRussianRussia1.039568345323741
                                                        RT_ICON0x1696de80x1c4dataRussianRussia1.0243362831858407
                                                        RT_ICON0x1696fc80x1a1dataRussianRussia1.026378896882494
                                                        RT_ICON0x16971880x182dataRussianRussia1.028497409326425
                                                        RT_ICON0x16973280x222dataRussianRussia1.02014652014652
                                                        RT_ICON0x16975680x11fOpenPGP Secret KeyRussianRussia1.038327526132404
                                                        RT_ICON0x16976a00x103dataRussianRussia1.0424710424710424
                                                        RT_ICON0x16977c00x1588dataRussianRussia1.0019956458635704
                                                        RT_ICON0x1698d600x580dataRussianRussia1.0078125
                                                        RT_ICON0x16992f80x988dataRussianRussia1.0045081967213114
                                                        RT_ICON0x1699c980x25a8dataRussianRussia0.9986514522821577
                                                        RT_ICON0x169c2580x10828dataRussianRussia0.9908316573997398
                                                        RT_ICON0x16d3a280x163data1.0309859154929577
                                                        RT_ICON0x16d3b900x20ddata1.020952380952381
                                                        RT_ICON0x16d3da00x21bdata1.0148423005565863
                                                        RT_ICON0x16d3fc00x282data1.017133956386293
                                                        RT_ICON0x16d42480x33cdata1.0132850241545894
                                                        RT_ICON0x16d45880x413data1.0105465004793863
                                                        RT_ICON0x16d4a000x152data0.9792899408284024
                                                        RT_ICON0x16d4ff80x10a8dataEnglishUnited States0.9798311444652908
                                                        RT_ICON0x16d60b80x988dataEnglishUnited States1.0045081967213114
                                                        RT_ICON0x16d6a580x988dataEnglishUnited States0.9721311475409836
                                                        RT_ICON0x16d73f80x10828dataEnglishUnited States0.9158286998698687
                                                        RT_MENU0x16d4b700xf8data1.0161290322580645
                                                        RT_MENU0x16acd200xd2dataRussianRussia1.0523809523809524
                                                        RT_MENU0x16acdf80x66dataRussianRussia1.088235294117647
                                                        RT_MENU0x16d4c680x46data1.1571428571428573
                                                        RT_DIALOG0x168a0f00x490dataRussianRussia1.009417808219178
                                                        RT_DIALOG0x168a5800x78dataRussianRussia1.0916666666666666
                                                        RT_DIALOG0x16d4cb00x100data0.9765625
                                                        RT_DIALOG0x168a5f80x1f8dataRussianRussia1.0218253968253967
                                                        RT_DIALOG0x168acb00x190dataRussianRussia1.0275
                                                        RT_DIALOG0x168ae400x154dataRussianRussia1.0323529411764707
                                                        RT_DIALOG0x168af980xf4dataRussianRussia1.0450819672131149
                                                        RT_DIALOG0x168b0900x12cdataRussianRussia1.0366666666666666
                                                        RT_DIALOG0x168b1c00x110dataRussianRussia1.0404411764705883
                                                        RT_DIALOG0x168b2d00x128dataRussianRussia1.037162162162162
                                                        RT_DIALOG0x168b3f80x154dataRussianRussia1.0323529411764707
                                                        RT_DIALOG0x168b5500x7edataRussianRussia1.0873015873015872
                                                        RT_DIALOG0x168b8080x148dataRussianRussia1.0335365853658536
                                                        RT_DIALOG0x168b7380xd0dataRussianRussia1.0528846153846154
                                                        RT_DIALOG0x168b5d00x164dataRussianRussia1.0308988764044944
                                                        RT_DIALOG0x168b9500x14cdataRussianRussia1.033132530120482
                                                        RT_DIALOG0x168baa00x1f0dataRussianRussia1.0221774193548387
                                                        RT_DIALOG0x168bc900x284dataRussianRussia1.0170807453416149
                                                        RT_DIALOG0x16d4db80x232dataEnglishUnited States1.019572953736655
                                                        RT_DIALOG0x168bf180x182dataRussianRussia1.0129533678756477
                                                        RT_DIALOG0x168c0a00x68dataRussianRussia1.1057692307692308
                                                        RT_DIALOG0x168c1080x1f8DOS executable (COM, 0x8C-variant)RussianRussia1.0218253968253967
                                                        RT_DIALOG0x168c3000x218dataRussianRussia1.0205223880597014
                                                        RT_DIALOG0x168c5180x2badataRussianRussia1.015759312320917
                                                        RT_DIALOG0x168c7d80x242dataRussianRussia1.019031141868512
                                                        RT_DIALOG0x168a7f00x21cdataRussianRussia1.0203703703703704
                                                        RT_DIALOG0x168aa100x29adataRussianRussia1.0165165165165164
                                                        RT_DIALOG0x168ca200x72OpenPGP Secret KeyRussianRussia1.0964912280701755
                                                        RT_STRING0x16e9a180x38dataRussianRussia1.1964285714285714
                                                        RT_GROUP_ICON0x1755ee80x5adataRussianRussia0.8
                                                        RT_GROUP_ICON0x168db780x5adataRussianRussia1.1222222222222222
                                                        RT_GROUP_ICON0x16d49a00x5adata1.1222222222222222
                                                        RT_GROUP_ICON0x16977a80x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x168ead00x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x168f9a00x5adataRussianRussia1.1222222222222222
                                                        RT_GROUP_ICON0x1698d480x14Non-ISO extended-ASCII text, with CR line terminatorsRussianRussia1.45
                                                        RT_GROUP_ICON0x168fae00x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x168fc080x14dataRussianRussia1.2
                                                        RT_GROUP_ICON0x16921c80x14Non-ISO extended-ASCII text, with LF, NEL line terminatorsRussianRussia1.4
                                                        RT_GROUP_ICON0x16d4b580x14Non-ISO extended-ASCII text, with no line terminators1.4
                                                        RT_GROUP_ICON0x16923100x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x16924300x14locale data tableRussianRussia1.4
                                                        RT_GROUP_ICON0x16925580x14International EBCDIC text, with NEL line terminatorsRussianRussia1.45
                                                        RT_GROUP_ICON0x16926e80x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x16937a00x14Non-ISO extended-ASCII text, with no line terminators, with overstrikingRussianRussia1.45
                                                        RT_GROUP_ICON0x16945980x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16951c00x14Non-ISO extended-ASCII text, with no line terminatorsRussianRussia1.4
                                                        RT_GROUP_ICON0x1695d700x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x1696b680x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x1696ca00x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x1696dd00x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x1696fb00x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16971700x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16973100x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16975500x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16976880x14dataRussianRussia1.4
                                                        RT_GROUP_ICON0x16992e00x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x1699c800x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16d60a00x14dataEnglishUnited States1.45
                                                        RT_GROUP_ICON0x169c2400x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16aca800x14dataRussianRussia1.45
                                                        RT_GROUP_ICON0x16d6a400x14dataEnglishUnited States1.4
                                                        RT_GROUP_ICON0x16d73e00x14dataEnglishUnited States1.45
                                                        RT_GROUP_ICON0x16e7c200x14dataEnglishUnited States1.45
                                                        RT_VERSION0x1755f480x284dataRussianRussia0.468944099378882
                                                        RT_MANIFEST0x17561d00x87fXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2115), with CRLF line terminatorsEnglishUnited States0.31264367816091954
DLL            Import
ADVAPI32.dll   FreeSid
COMCTL32.dll   _TrackMouseEvent
d3d11.dll      D3D11CreateDevice
dbghelp.dll    StackWalk
dxgi.dll       CreateDXGIFactory1
GDI32.dll      LineTo
gdiplus.dll    GdipFree
IPHLPAPI.DLL   GetIfEntry2
KERNEL32.DLL   LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
MPR.dll        WNetGetConnectionW
msdmo.dll      MoInitMediaType
NETAPI32.dll   NetUserGetInfo
ntdll.dll      RtlGetVersion
NTDSAPI.dll    DsMakeSpnW
ole32.dll      OleCreate
OLEAUT32.dll   SysFreeString
POWRPROF.dll   PowerGetActiveScheme
RPCRT4.dll     UuidEqual
SAS.dll        SendSAS
Secur32.dll    FreeCredentialsHandle
SHELL32.dll
SHLWAPI.dll    PathFileExistsA
USER32.dll     GetDC
USERENV.dll    CreateEnvironmentBlock
UxTheme.dll    IsThemeActive
VERSION.dll    VerQueryValueW
WINHTTP.dll    WinHttpOpen
WINMM.dll      waveInOpen
WINSPOOL.DRV   GetPrinterW
WS2_32.dll     WSASetLastError
WTSAPI32.dll   WTSFreeMemory
Language of compilation system   Country where language is spoken   Map
Russian                          Russia
English                          United States
Timestamp   Source Port   Dest Port   Source IP   Dest IP
                                                        Sep 3, 2024 10:02:08.868053913 CEST4434974578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:08.868133068 CEST4434974578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:08.868189096 CEST49745443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:08.870094061 CEST49745443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:08.870114088 CEST4434974578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:12.931775093 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:12.931817055 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:12.931885004 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:12.932154894 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:12.932167053 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.573389053 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.585041046 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.585063934 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.586124897 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.586174965 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.595197916 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.595268011 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.595439911 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.595447063 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.646927118 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.901134968 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.901211977 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.901303053 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.908899069 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.908920050 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:13.908958912 CEST49746443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:13.908965111 CEST4434974678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:17.503998995 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:17.504033089 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:17.504093885 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:17.504336119 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:17.504348993 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.116709948 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.117084980 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.117094994 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.118000984 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.118048906 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.118875027 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.118928909 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.118972063 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.118976116 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.162657976 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.439826965 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.439908028 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.440043926 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.442468882 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.442495108 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:18.442538023 CEST49747443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:18.442543983 CEST4434974778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.729341030 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.729379892 CEST4434974878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.729454994 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.729705095 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.729717970 CEST4434974878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.869530916 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.901454926 CEST49749443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.901494026 CEST4434974978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.901551008 CEST49749443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.901796103 CEST49749443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.901813984 CEST4434974978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.916497946 CEST4434974878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.916733027 CEST49749443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.947484970 CEST49750443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.947557926 CEST4434975078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.947658062 CEST49750443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.947885990 CEST49750443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.947912931 CEST4434975078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.956439972 CEST49750443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.964510918 CEST4434974978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.980257988 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.980292082 CEST4434975178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.980346918 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.980570078 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:22.980580091 CEST4434975178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:22.988845110 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.000504017 CEST4434975078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.011254072 CEST49752443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.011288881 CEST4434975278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.011713982 CEST49752443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.012207031 CEST49752443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.012221098 CEST4434975278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.016104937 CEST49752443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.036498070 CEST4434975178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.042898893 CEST49753443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.042973042 CEST4434975378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.043055058 CEST49753443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.043275118 CEST49753443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.043303013 CEST4434975378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.052654982 CEST49753443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.060489893 CEST4434975278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.100500107 CEST4434975378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.175488949 CEST49754443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.175527096 CEST4434975478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.175618887 CEST49754443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.175980091 CEST49754443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.175991058 CEST4434975478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.183350086 CEST49754443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.212812901 CEST49755443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.212848902 CEST4434975578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.212930918 CEST49755443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.213171005 CEST49755443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.213186026 CEST4434975578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.217066050 CEST49755443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.224505901 CEST4434975478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.243712902 CEST49756443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.243726969 CEST4434975678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.243916035 CEST49756443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.244183064 CEST49756443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.244194984 CEST4434975678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.248797894 CEST49756443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.264492989 CEST4434975578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.274950981 CEST49757443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.274965048 CEST4434975778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.275064945 CEST49757443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.275289059 CEST49757443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.275300980 CEST4434975778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.280324936 CEST49757443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.296499968 CEST4434975678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.306355953 CEST49758443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.306370974 CEST4434975878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.306463957 CEST49758443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.306822062 CEST49758443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.306833982 CEST4434975878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.310789108 CEST49758443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.324510098 CEST4434975778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.337869883 CEST49759443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.337902069 CEST4434975978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.338028908 CEST49759443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.338226080 CEST49759443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.338237047 CEST4434975978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.340204000 CEST49759443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.345856905 CEST4434974878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.345976114 CEST4434974878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.346028090 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.346044064 CEST49748443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.352508068 CEST4434975878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.368921041 CEST49760443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.368963003 CEST4434976078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.369046926 CEST49760443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.369271994 CEST49760443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.369282961 CEST4434976078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.373378992 CEST49760443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.384510040 CEST4434975978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.400321960 CEST49761443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.400367975 CEST4434976178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.400439024 CEST49761443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.400687933 CEST49761443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.400697947 CEST4434976178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.404794931 CEST49761443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.420501947 CEST4434976078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.431808949 CEST49762443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.431823015 CEST4434976278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.431979895 CEST49762443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.432224035 CEST49762443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.432230949 CEST4434976278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.436803102 CEST49762443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.452503920 CEST4434976178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.463198900 CEST49763443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.463238001 CEST4434976378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.463407040 CEST49763443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.463670015 CEST49763443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.463685036 CEST4434976378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.468463898 CEST49763443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.484500885 CEST4434976278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.497807980 CEST49764443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.497831106 CEST4434976478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.497893095 CEST49764443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.498960972 CEST49764443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.498975992 CEST4434976478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.508502960 CEST4434976378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.523560047 CEST49764443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.532465935 CEST4434974978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.532516003 CEST49749443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.558986902 CEST49765443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.559007883 CEST4434976578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.559068918 CEST49765443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.559684992 CEST49765443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.559694052 CEST4434976578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.564873934 CEST49765443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.568501949 CEST4434976478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.568942070 CEST4434975078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.568980932 CEST49750443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.589320898 CEST49766443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.589335918 CEST4434976678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.589399099 CEST49766443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.589797020 CEST49766443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.589803934 CEST4434976678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.597588062 CEST4434975178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.597668886 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.597680092 CEST4434975178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.597727060 CEST49751443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.604804993 CEST49766443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.612490892 CEST4434976578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.639158964 CEST49767443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.639199018 CEST4434976778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.639300108 CEST49767443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.639632940 CEST49767443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.639646053 CEST4434976778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.652493000 CEST4434976678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.652992964 CEST49767443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.681787014 CEST4434975378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.681844950 CEST49753443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.683116913 CEST49768443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.683152914 CEST4434976878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.683273077 CEST49768443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.683581114 CEST49768443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.683587074 CEST4434976878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.689857960 CEST49768443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.700509071 CEST4434976778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.711639881 CEST4434975278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.711705923 CEST49752443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.714478970 CEST49769443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.714515924 CEST4434976978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.714580059 CEST49769443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.714907885 CEST49769443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.714920044 CEST4434976978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.721949100 CEST49769443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.732506990 CEST4434976878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.744324923 CEST49770443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.744362116 CEST4434977078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.744424105 CEST49770443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.744662046 CEST49770443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.744673967 CEST4434977078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.752707958 CEST49770443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.768508911 CEST4434976978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:23.777136087 CEST49771443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:23.777154922 CEST4434977178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.796494007 CEST4434979978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.806889057 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.806905985 CEST4434980178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.807027102 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.807292938 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.807305098 CEST4434980178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.819699049 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.824506044 CEST4434980078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.856307030 CEST49802443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.856324911 CEST4434980278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.856431961 CEST49802443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.856791973 CEST49802443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.856803894 CEST4434980278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.860183954 CEST49802443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.864492893 CEST4434980178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.871093988 CEST4434978478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.871181011 CEST4434978478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.871213913 CEST49784443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.871268988 CEST49784443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.885294914 CEST49803443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.885314941 CEST4434980378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.885376930 CEST49803443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.885823965 CEST49803443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.885835886 CEST4434980378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.893454075 CEST49803443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.904495001 CEST4434980278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.915946007 CEST49804443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.915970087 CEST4434980478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.916043997 CEST49804443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.916497946 CEST49804443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.916506052 CEST4434980478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.919064999 CEST4434978578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.919166088 CEST4434978578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.919177055 CEST49785443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.919244051 CEST49785443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.926279068 CEST49804443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.940500021 CEST4434980378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.947184086 CEST49805443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.947205067 CEST4434980578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.947370052 CEST49805443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.947577953 CEST49805443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.947588921 CEST4434980578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.953145981 CEST49805443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.953557968 CEST4434978678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.953660965 CEST49786443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.953664064 CEST4434978678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.953780890 CEST49786443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.972502947 CEST4434980478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.978594065 CEST49806443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.978609085 CEST4434980678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.982368946 CEST49806443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.982686996 CEST49806443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.982697964 CEST4434980678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.986372948 CEST49806443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.994493961 CEST4434978778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.994550943 CEST49787443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.996506929 CEST4434980578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.998343945 CEST4434978878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.998430967 CEST49788443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:24.998435020 CEST4434978878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:24.998521090 CEST49788443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.010158062 CEST49807443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.010178089 CEST4434980778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.010385036 CEST49807443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.011085033 CEST49807443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.011097908 CEST4434980778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.016321898 CEST49807443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.032507896 CEST4434980678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.040704966 CEST49808443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.040726900 CEST4434980878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.044356108 CEST49808443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.044639111 CEST49808443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.044651985 CEST4434980878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.047646999 CEST49808443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.048047066 CEST4434978978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.048115015 CEST49789443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.056243896 CEST4434979078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.056307077 CEST49790443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.056498051 CEST4434980778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.073261023 CEST49809443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.073297024 CEST4434980978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.073367119 CEST49809443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.073677063 CEST49809443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.073690891 CEST4434980978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.086718082 CEST49809443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.088504076 CEST4434980878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.094742060 CEST4434979178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.094851971 CEST4434979178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.094866037 CEST49791443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.094894886 CEST49791443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.119357109 CEST49810443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.119393110 CEST4434981078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.119497061 CEST49810443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.119772911 CEST49810443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.119786024 CEST4434981078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.123239040 CEST4434979278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.123338938 CEST4434979278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.123353004 CEST49792443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.123377085 CEST49792443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.123620033 CEST49810443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.132498026 CEST4434980978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.150454044 CEST49811443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.150479078 CEST4434981178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.150548935 CEST49811443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.150836945 CEST49811443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.150846958 CEST4434981178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.163377047 CEST49811443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.163743973 CEST4434979378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.163800955 CEST49793443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.164510012 CEST4434981078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.198278904 CEST49812443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.198302031 CEST4434981278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.198374033 CEST49812443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.198616982 CEST49812443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.198628902 CEST4434981278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.204755068 CEST49812443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.208501101 CEST4434981178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.230674028 CEST4434979478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.230793953 CEST4434979478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.231060982 CEST49794443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.231085062 CEST49794443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.234025955 CEST49813443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.234050989 CEST4434981378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.234117985 CEST49813443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.234428883 CEST49813443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.234451056 CEST4434981378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.237409115 CEST49813443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.252495050 CEST4434981278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.260507107 CEST49814443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.260526896 CEST4434981478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.260607958 CEST49814443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.260927916 CEST49814443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.260938883 CEST4434981478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.266453981 CEST49814443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.271583080 CEST4434979578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.271646023 CEST49795443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.280493975 CEST4434981378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.283592939 CEST4434979678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.283653021 CEST49796443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.291030884 CEST49815443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.291049957 CEST4434981578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.291229963 CEST49815443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.291497946 CEST49815443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.291508913 CEST4434981578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.297646999 CEST49815443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.305059910 CEST4434979778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.305119038 CEST49797443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.312494040 CEST4434981478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.321712017 CEST49816443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.321727037 CEST4434981678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.321767092 CEST49816443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.322014093 CEST49816443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.322026014 CEST4434981678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.326694012 CEST49816443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.344495058 CEST4434981578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.345320940 CEST4434979878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.345376015 CEST49798443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.353346109 CEST49817443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.353359938 CEST4434981778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.353408098 CEST49817443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.353642941 CEST49817443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.353652954 CEST4434981778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.358491898 CEST49817443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.359848976 CEST4434979978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.359910011 CEST49799443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.372493982 CEST4434981678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.384221077 CEST49818443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.384232998 CEST4434981878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.384318113 CEST49818443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.384588957 CEST49818443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.384598017 CEST4434981878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.389704943 CEST49818443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.404495001 CEST4434981778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.416059017 CEST49819443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.416069031 CEST4434981978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.416127920 CEST49819443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.416441917 CEST49819443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.416454077 CEST4434981978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.422127008 CEST49819443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.436496973 CEST4434981878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.447257042 CEST49820443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.447268963 CEST4434982078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.447325945 CEST49820443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.447568893 CEST49820443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.447580099 CEST4434982078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.453248978 CEST49820443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.468494892 CEST4434981978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.478646994 CEST49821443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.478657961 CEST4434982178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.478755951 CEST49821443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.479023933 CEST49821443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.479036093 CEST4434982178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.486013889 CEST49821443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.496495962 CEST4434982078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.509385109 CEST49822443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.509397030 CEST4434982278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.509571075 CEST49822443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.509793043 CEST49822443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.509804964 CEST4434982278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.514986038 CEST49822443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.528502941 CEST4434982178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.541755915 CEST49823443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.541774988 CEST4434982378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.541896105 CEST49823443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.542179108 CEST49823443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.542191982 CEST4434982378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.548844099 CEST49823443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.560508966 CEST4434982278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.573184013 CEST49824443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.573230028 CEST4434982478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.573286057 CEST49824443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.573693991 CEST49824443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.573703051 CEST4434982478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.579682112 CEST4434980078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.579790115 CEST49800443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.580141068 CEST4434980178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.580244064 CEST4434980178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.580250978 CEST4434980378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.580266953 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.580296993 CEST49801443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.580313921 CEST49803443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.581240892 CEST4434980478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.581311941 CEST49804443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.581332922 CEST4434980278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:25.581379890 CEST49802443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.583168030 CEST49824443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:25.596497059 CEST4434982378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.597471952 CEST49835443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.598897934 CEST49854443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.608493090 CEST4434985378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.619652033 CEST49855443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.619668961 CEST4434985578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.619745016 CEST49855443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.620120049 CEST49855443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.620126963 CEST4434985578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.640347004 CEST49855443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.644494057 CEST4434985478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.645659924 CEST4434983778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.645773888 CEST4434983778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.645804882 CEST49837443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.645872116 CEST49837443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.659818888 CEST4434983678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.659912109 CEST4434983678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.659918070 CEST49836443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.660325050 CEST49836443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.666280031 CEST49856443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.666322947 CEST4434985678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.666452885 CEST49856443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.666867018 CEST49856443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.666876078 CEST4434985678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.675092936 CEST49856443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.676424026 CEST4434983878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.676616907 CEST49838443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.680506945 CEST4434985578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.700279951 CEST49857443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.700324059 CEST4434985778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.700591087 CEST49857443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.700906992 CEST49857443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.700921059 CEST4434985778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.703633070 CEST49857443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.720511913 CEST4434985678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.728282928 CEST49858443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.728322029 CEST4434985878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.728437901 CEST49858443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.728683949 CEST49858443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.728697062 CEST4434985878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.728970051 CEST4434983978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.729362965 CEST4434983978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.729398966 CEST49839443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.729424000 CEST49839443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.734324932 CEST49858443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.748500109 CEST4434985778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.756966114 CEST4434984078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.757081032 CEST49840443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.757083893 CEST4434984078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.757189989 CEST49840443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.760502100 CEST49859443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.760533094 CEST4434985978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.760682106 CEST49859443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.760945082 CEST49859443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.760957003 CEST4434985978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.764417887 CEST49859443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.780494928 CEST4434985878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.792280912 CEST49860443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.792315006 CEST4434986078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.792437077 CEST49860443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.796312094 CEST49860443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.796312094 CEST49860443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.796339989 CEST4434986078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.802511930 CEST4434984178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.802598000 CEST49841443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.804496050 CEST4434985978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.818092108 CEST4434984278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.818197966 CEST4434984278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.818214893 CEST49842443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.818418980 CEST49842443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.824402094 CEST49861443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.824420929 CEST4434986178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.824506998 CEST49861443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.827537060 CEST49861443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.827537060 CEST49861443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.827549934 CEST4434986178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.840508938 CEST4434986078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.850758076 CEST4434984378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.850843906 CEST4434984378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.850864887 CEST49843443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.850898981 CEST49843443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.853688955 CEST49862443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.853705883 CEST4434986278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.854070902 CEST49862443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.854243994 CEST49862443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.854258060 CEST4434986278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.860284090 CEST49862443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.868510008 CEST4434986178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.884128094 CEST49863443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.884164095 CEST4434986378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.884275913 CEST49863443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.888394117 CEST49863443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.888406038 CEST4434986378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.892330885 CEST49863443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.895895004 CEST4434984478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.896007061 CEST4434984478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.896086931 CEST49844443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.896086931 CEST49844443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.904494047 CEST4434986278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.915811062 CEST49864443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.915831089 CEST4434986478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.915941000 CEST49864443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.916366100 CEST49864443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.916373968 CEST4434986478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.924299002 CEST49864443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.929629087 CEST4434984578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.929721117 CEST49845443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.929727077 CEST4434984578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.929929972 CEST49845443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.932503939 CEST4434986378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.948282957 CEST49865443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.948303938 CEST4434986578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.948565960 CEST49865443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.948832035 CEST49865443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.948846102 CEST4434986578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.954569101 CEST49865443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.961627960 CEST4434984678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.961724997 CEST4434984678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.961743116 CEST49846443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.964457035 CEST49846443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.968501091 CEST4434986478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.978291988 CEST49866443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.978316069 CEST4434986678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.978554010 CEST49866443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.978652000 CEST49866443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.978663921 CEST4434986678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.981050968 CEST49866443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.993417025 CEST4434984778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:26.993493080 CEST49847443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:26.996501923 CEST4434986578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.009517908 CEST49867443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.009540081 CEST4434986778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.009665012 CEST49867443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.009850025 CEST49867443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.009862900 CEST4434986778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.015604973 CEST49867443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.020700932 CEST4434984878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.020768881 CEST49848443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.024513006 CEST4434986678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.041253090 CEST49868443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.041273117 CEST4434986878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.041451931 CEST49868443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.041778088 CEST49868443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.041788101 CEST4434986878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.047883034 CEST49868443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.060502052 CEST4434986778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.072166920 CEST49869443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.072184086 CEST4434986978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.072243929 CEST49869443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.072467089 CEST49869443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.072478056 CEST4434986978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.078572035 CEST4434984978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.078624964 CEST49849443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.082526922 CEST49869443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.088499069 CEST4434986878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.090409040 CEST4434985078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.090511084 CEST49850443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.103950024 CEST49870443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.103967905 CEST4434987078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.104043007 CEST49870443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.104317904 CEST49870443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.104326963 CEST4434987078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.113605976 CEST49870443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.119596004 CEST4434985178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.119642973 CEST49851443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.128498077 CEST4434986978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.135150909 CEST49871443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.135174990 CEST4434987178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.135217905 CEST49871443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.135545969 CEST49871443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.135557890 CEST4434987178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.145270109 CEST49871443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.145427942 CEST4434985278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.145483971 CEST49852443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.156503916 CEST4434987078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.173846006 CEST49872443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.173872948 CEST4434987278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.173916101 CEST49872443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.174207926 CEST49872443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.174221039 CEST4434987278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.192503929 CEST4434987178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.193207979 CEST4434985378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.193285942 CEST49853443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.194808960 CEST49872443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.231307030 CEST49873443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.231343985 CEST4434987378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.231389999 CEST49873443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.231650114 CEST49873443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.231664896 CEST4434987378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.233520031 CEST4434985478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.233573914 CEST49854443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.240499973 CEST4434987278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.248622894 CEST49873443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.254558086 CEST4434985578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.254633904 CEST49855443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.296500921 CEST4434987378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.300410986 CEST49874443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.300442934 CEST4434987478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.300498009 CEST49874443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.301006079 CEST49874443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.301018000 CEST4434987478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.310128927 CEST4434985678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.310183048 CEST49856443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.310277939 CEST49874443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.317013979 CEST4434985778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.317065001 CEST49857443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.339553118 CEST49875443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.339587927 CEST4434987578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.339648962 CEST49875443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.339987993 CEST49875443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.339998007 CEST4434987578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.349473953 CEST49875443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.352500916 CEST4434987478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.358772993 CEST4434985878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.358820915 CEST49858443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.371109009 CEST49876443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.371124983 CEST4434987678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.371171951 CEST49876443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.371484041 CEST49876443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.371495962 CEST4434987678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.380151033 CEST49876443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.383713961 CEST4434985978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.383760929 CEST49859443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.396498919 CEST4434987578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.416986942 CEST49877443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.417007923 CEST4434987778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:27.417079926 CEST49877443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:27.417443991 CEST49877443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.576493025 CEST4434990778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.590311050 CEST49909443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.590331078 CEST4434990978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.590606928 CEST49909443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.594290018 CEST49909443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.594301939 CEST4434990978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.595077038 CEST49909443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.608490944 CEST4434990878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.615497112 CEST4434989178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.615612030 CEST4434989178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.615638018 CEST49891443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.615766048 CEST49891443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.618926048 CEST49910443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.618940115 CEST4434991078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.619115114 CEST49910443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.619426966 CEST49910443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.619440079 CEST4434991078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.622283936 CEST49910443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.640491009 CEST4434990978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.652590990 CEST49911443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.652623892 CEST4434991178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.652780056 CEST49911443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.653234005 CEST49911443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.653247118 CEST4434991178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.661808968 CEST49911443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.668504000 CEST4434991078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.668901920 CEST4434989278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.668998957 CEST4434989278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.670350075 CEST49892443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.670350075 CEST49892443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.698626995 CEST49912443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.698652029 CEST4434991278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.698914051 CEST49912443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.702289104 CEST49912443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.702297926 CEST4434991278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.704509974 CEST4434991178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.708127022 CEST49912443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.733485937 CEST4434989478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.733587027 CEST4434989478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.733686924 CEST49894443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.733686924 CEST49894443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.752496958 CEST4434991278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.760262966 CEST4434989578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.760373116 CEST4434989578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.760462046 CEST49895443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.760462046 CEST49895443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.775372982 CEST49913443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.775410891 CEST4434991378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.775492907 CEST49913443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.775855064 CEST49913443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.775866032 CEST4434991378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.782286882 CEST49913443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.806646109 CEST49914443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.806662083 CEST4434991478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.810359955 CEST49914443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.810668945 CEST49914443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.810678959 CEST4434991478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.814287901 CEST49914443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.818695068 CEST4434989778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.818768024 CEST49897443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.828504086 CEST4434991378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.838413954 CEST49915443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.838433981 CEST4434991578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.838771105 CEST49915443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.842309952 CEST49915443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.842309952 CEST49915443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.842319965 CEST4434991578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.847099066 CEST4434989878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.847203016 CEST4434989878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.847233057 CEST49898443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.847278118 CEST49898443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.860496044 CEST4434991478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.870291948 CEST49916443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.870321989 CEST4434991678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.870450974 CEST49916443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.870654106 CEST49916443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.870665073 CEST4434991678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.871009111 CEST4434989678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.871104002 CEST4434989678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.871160030 CEST49896443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.871251106 CEST49896443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.871714115 CEST4434989978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.871815920 CEST4434989978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.874357939 CEST49899443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.874357939 CEST49899443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.875061989 CEST49916443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.888510942 CEST4434991578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.902287006 CEST49917443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.902306080 CEST4434991778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.902523994 CEST49917443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.906285048 CEST49917443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.906285048 CEST49917443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.906296968 CEST4434991778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.920495987 CEST4434991678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.927575111 CEST4434990078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.927668095 CEST4434990078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.927707911 CEST49900443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.927964926 CEST49900443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.931762934 CEST49918443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.931776047 CEST4434991878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.931885958 CEST49918443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.932082891 CEST49918443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.932091951 CEST4434991878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.938302994 CEST49918443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.949615002 CEST4434990178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.949707031 CEST4434990178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.949789047 CEST49901443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.949789047 CEST49901443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.952491999 CEST4434991778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.962770939 CEST49919443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.962804079 CEST4434991978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.966336966 CEST49919443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.968704939 CEST49919443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.968704939 CEST49919443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.968717098 CEST4434991978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.980500937 CEST4434991878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.995733023 CEST49920443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.995781898 CEST4434992078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:28.995862961 CEST49920443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.996328115 CEST49920443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:28.996342897 CEST4434992078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.015312910 CEST49920443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.016494989 CEST4434991978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.041073084 CEST49921443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.041126013 CEST4434992178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.041237116 CEST49921443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.041747093 CEST49921443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.041757107 CEST4434992178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.046313047 CEST49921443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.048760891 CEST4434990478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.048897028 CEST4434990478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.050343990 CEST49904443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.050343990 CEST49904443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.056514025 CEST4434992078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.073350906 CEST49922443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.073369026 CEST4434992278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.073438883 CEST49922443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.073772907 CEST49922443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.073793888 CEST4434992278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.081413984 CEST49922443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.091317892 CEST4434990578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.091375113 CEST49905443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.092499018 CEST4434992178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.103387117 CEST49923443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.103409052 CEST4434992378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.103485107 CEST49923443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.103703022 CEST49923443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.103714943 CEST4434992378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.112247944 CEST49923443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.124495983 CEST4434992278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.135071039 CEST49924443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.135096073 CEST4434992478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.135138988 CEST49924443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.135417938 CEST49924443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.135436058 CEST4434992478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.142004013 CEST49924443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.142174959 CEST4434990678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.142235041 CEST49906443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.156326056 CEST4434990778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.156378031 CEST49907443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.156493902 CEST4434992378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.166549921 CEST49925443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.166567087 CEST4434992578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.166630983 CEST49925443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.166866064 CEST49925443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.166874886 CEST4434992578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.169665098 CEST49925443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.188497066 CEST4434992478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.195461035 CEST4434990878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.195516109 CEST49908443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.197911978 CEST49926443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.197922945 CEST4434992678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.198103905 CEST49926443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.198394060 CEST49926443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.198405027 CEST4434992678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.203701019 CEST49926443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.212501049 CEST4434992578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.215363026 CEST4434990978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.215419054 CEST49909443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.230451107 CEST49927443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.230477095 CEST4434992778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.230537891 CEST49927443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.230912924 CEST49927443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.230923891 CEST4434992778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.247308016 CEST49927443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.248507977 CEST4434992678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.259147882 CEST4434991078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.259212017 CEST49910443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.276438951 CEST49928443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.276457071 CEST4434992878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.276506901 CEST49928443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.276772022 CEST49928443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.276782990 CEST4434992878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.279941082 CEST49928443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.287900925 CEST4434991178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.287946939 CEST49911443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.292500019 CEST4434992778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.307995081 CEST49929443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.308011055 CEST4434992978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.308077097 CEST49929443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.308511019 CEST49929443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.308520079 CEST4434992978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.316580057 CEST49929443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.324510098 CEST4434992878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.326558113 CEST4434991278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.326642990 CEST49912443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.345030069 CEST49930443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.345056057 CEST4434993078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.345114946 CEST49930443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.345396042 CEST49930443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.345412016 CEST4434993078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.360608101 CEST49930443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.364500046 CEST4434992978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.385099888 CEST49931443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.385134935 CEST4434993178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.385449886 CEST49931443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.385736942 CEST49931443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.385751963 CEST4434993178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.387244940 CEST49931443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.398705959 CEST4434991378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.398781061 CEST49913443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.408505917 CEST4434993078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.416924000 CEST49932443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.416940928 CEST4434993278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:29.417088985 CEST49932443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.417337894 CEST49932443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:29.417350054 CEST4434993278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.568026066 CEST49962443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.572499990 CEST4434996178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.588538885 CEST49963443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.588570118 CEST4434996378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.589524031 CEST49963443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.590183973 CEST49963443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.590192080 CEST4434996378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.595989943 CEST49963443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.597084045 CEST4434994578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.597173929 CEST4434994578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.597196102 CEST49945443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.597310066 CEST49945443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.612495899 CEST4434996278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.619213104 CEST49964443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.619231939 CEST4434996478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.619332075 CEST49964443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.619916916 CEST49964443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.619924068 CEST4434996478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.621730089 CEST4434994678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.621819973 CEST4434994678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.621824980 CEST49946443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.621922016 CEST49946443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.629585028 CEST49964443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.640490055 CEST4434996378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.646692991 CEST4434994778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.646807909 CEST49947443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.665937901 CEST49965443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.665952921 CEST4434996578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.666203976 CEST49965443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.666261911 CEST49965443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.666268110 CEST4434996578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.674942017 CEST49965443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.676490068 CEST4434996478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.684191942 CEST4434994878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.684278965 CEST4434994878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.684331894 CEST49948443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.684331894 CEST49948443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.698200941 CEST49966443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.698216915 CEST4434996678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.698314905 CEST49966443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.698606968 CEST49966443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.698612928 CEST4434996678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.703958988 CEST49966443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.720487118 CEST4434996578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.728591919 CEST49967443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.728610992 CEST4434996778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.730053902 CEST4434994978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.730154991 CEST4434994978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.730231047 CEST49949443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.730232000 CEST49949443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.730273008 CEST49967443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.730814934 CEST49967443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.730822086 CEST4434996778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.748486042 CEST4434996678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.782708883 CEST4434995178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.782802105 CEST4434995178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.782824993 CEST49951443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.786427975 CEST49951443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.803970098 CEST49967443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.836577892 CEST4434995278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.836697102 CEST4434995278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.838344097 CEST49968443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.838356972 CEST49952443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.838356972 CEST49952443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.838432074 CEST4434996878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.838624001 CEST49968443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.842303038 CEST49968443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.842334032 CEST4434996878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.844496012 CEST4434996778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.844912052 CEST49968443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.868913889 CEST49969443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.868946075 CEST4434996978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.870337009 CEST49969443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.870744944 CEST49969443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.870753050 CEST4434996978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.875456095 CEST4434995378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.875547886 CEST4434995378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.875606060 CEST49953443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.875606060 CEST49953443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.877001047 CEST49969443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.892493010 CEST4434996878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.898035049 CEST4434995478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.898133039 CEST49954443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.898143053 CEST4434995478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.898332119 CEST49954443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.902295113 CEST49970443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.902331114 CEST4434997078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.902456045 CEST49970443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.905059099 CEST49970443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.905060053 CEST49970443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.905072927 CEST4434997078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.924499989 CEST4434996978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.931807041 CEST49971443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.931855917 CEST4434997178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.931997061 CEST49971443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.932257891 CEST49971443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.932285070 CEST4434997178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.938313961 CEST49971443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.948537111 CEST4434997078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.957439899 CEST4434995578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.957525015 CEST49955443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.961395025 CEST4434995678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.961482048 CEST4434995678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.961517096 CEST49956443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.961880922 CEST49956443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.966305017 CEST49972443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.966361046 CEST4434997278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.966478109 CEST49972443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.967478991 CEST49972443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.967478991 CEST49972443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.967489958 CEST4434997278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.980515003 CEST4434997178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.994294882 CEST49973443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.994328022 CEST4434997378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:30.994467020 CEST49973443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.994761944 CEST49973443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:30.994784117 CEST4434997378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.002299070 CEST49973443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.008506060 CEST4434997278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.025265932 CEST49974443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.025288105 CEST4434997478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.025402069 CEST49974443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.025655985 CEST49974443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.025679111 CEST4434997478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.030303955 CEST49974443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.042602062 CEST4434995878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.042704105 CEST4434995878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.042732000 CEST49958443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.042803049 CEST49958443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.044498920 CEST4434997378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.056379080 CEST49975443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.056401968 CEST4434997578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.056575060 CEST49975443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.056907892 CEST49975443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.056917906 CEST4434997578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.061374903 CEST49975443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.076494932 CEST4434997478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.077267885 CEST4434995978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.077316046 CEST49959443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.096463919 CEST49976443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.096506119 CEST4434997678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.096563101 CEST49976443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.096864939 CEST49976443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.096873045 CEST4434997678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.101274967 CEST4434996078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.101325035 CEST49960443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.106775045 CEST49976443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.108496904 CEST4434997578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.131957054 CEST4434996178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.132008076 CEST49961443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.135788918 CEST49977443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.135833979 CEST4434997778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.135896921 CEST49977443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.136173964 CEST49977443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.136183977 CEST4434997778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.138465881 CEST49977443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.152494907 CEST4434997678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.166749954 CEST49978443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.166764975 CEST4434997878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.166825056 CEST49978443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.167099953 CEST49978443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.167110920 CEST4434997878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.173903942 CEST49978443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.184492111 CEST4434997778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.186599016 CEST4434996278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.186650991 CEST49962443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.197874069 CEST49979443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.197905064 CEST4434997978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.197962046 CEST49979443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.198240995 CEST49979443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.198247910 CEST4434997978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.206183910 CEST49979443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.216492891 CEST4434997878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.230415106 CEST49980443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.230441093 CEST4434998078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.230510950 CEST49980443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.230957985 CEST49980443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.230966091 CEST4434998078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.238106012 CEST4434996378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.238181114 CEST49963443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.241549015 CEST4434996478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.241611958 CEST49964443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.246206999 CEST49980443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.252509117 CEST4434997978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.288506985 CEST4434998078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.292850971 CEST49981443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.292879105 CEST4434998178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.292948961 CEST49981443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.293484926 CEST49981443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.293497086 CEST4434998178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.296379089 CEST4434996578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.296432972 CEST49965443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.302997112 CEST49981443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.322789907 CEST4434996678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.322863102 CEST49966443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.339015007 CEST49982443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.339045048 CEST4434998278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.339097023 CEST49982443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.339495897 CEST49982443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.339504957 CEST4434998278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.344500065 CEST4434998178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.346720934 CEST49982443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.367845058 CEST4434996778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.367904902 CEST49967443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.369493008 CEST49983443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.369523048 CEST4434998378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.369653940 CEST49983443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.369925976 CEST49983443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.369932890 CEST4434998378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.375368118 CEST49983443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.388500929 CEST4434998278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.401772022 CEST49984443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.401813030 CEST4434998478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.402328968 CEST49984443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.402646065 CEST49984443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.402657032 CEST4434998478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.414223909 CEST49984443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.416507006 CEST4434998378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.447632074 CEST49985443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.447658062 CEST4434998578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.447712898 CEST49985443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.448013067 CEST49985443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.448024988 CEST4434998578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.452894926 CEST49985443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.456506014 CEST4434998478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:31.478702068 CEST49986443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:31.478723049 CEST4434998678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.553267956 CEST4434999578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.553364038 CEST4434999578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.553375959 CEST49995443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.553500891 CEST49995443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.560506105 CEST4435001678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.572195053 CEST50018443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.572226048 CEST4435001878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.572302103 CEST50018443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.572670937 CEST50018443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.572689056 CEST4435001878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.576203108 CEST4434999878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.576273918 CEST49998443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.580331087 CEST4434999978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.580372095 CEST50018443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.580403090 CEST49999443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.592499971 CEST4435001778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.603158951 CEST50019443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.603185892 CEST4435001978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.603419065 CEST50019443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.603657961 CEST50019443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.603666067 CEST4435001978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.610362053 CEST50019443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.624502897 CEST4435001878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.634181976 CEST50020443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.634212017 CEST4435002078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.634325027 CEST50020443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.634625912 CEST50020443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.634644032 CEST4435002078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.642626047 CEST50020443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.656502008 CEST4435001978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.665344954 CEST50021443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.665360928 CEST4435002178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.665432930 CEST50021443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.665677071 CEST50021443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.665684938 CEST4435002178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.669209957 CEST50021443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.684520960 CEST4435002078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.698295116 CEST50022443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.698308945 CEST4435002278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.698385954 CEST50022443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.698736906 CEST50022443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.698743105 CEST4435002278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.705871105 CEST50022443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.716497898 CEST4435002178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.743599892 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.743638992 CEST4435002378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.743772984 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.746299028 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.746309996 CEST4435002378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.748509884 CEST4435002278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.754302025 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.776170015 CEST50024443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.776179075 CEST4435002478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.776252031 CEST50024443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.776511908 CEST50024443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.776521921 CEST4435002478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.781900883 CEST50024443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.796499968 CEST4435002378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.801002026 CEST4435000078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.801088095 CEST50000443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.801212072 CEST4435000178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.801290989 CEST50001443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.801593065 CEST4435000578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.801661968 CEST50005443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.801829100 CEST4435000278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.801927090 CEST4435000278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.802006006 CEST50002443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.802079916 CEST50002443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.806602955 CEST50025443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.806624889 CEST4435002578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.807013035 CEST50025443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.807390928 CEST50025443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.807400942 CEST4435002578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.810450077 CEST4435000678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.810556889 CEST4435000678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.810908079 CEST50006443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.810908079 CEST50006443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.821578026 CEST4435000378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.821661949 CEST50003443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.824511051 CEST4435002478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.825026035 CEST50025443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.854294062 CEST50026443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.854307890 CEST4435002678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.854437113 CEST50026443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.854737043 CEST50026443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.854743958 CEST4435002678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.864135981 CEST50026443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.865663052 CEST4435000778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.865746021 CEST50007443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.868500948 CEST4435002578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.879206896 CEST4435000878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.879298925 CEST4435000878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.879307985 CEST50008443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.879489899 CEST50008443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.884605885 CEST50027443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.884622097 CEST4435002778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.884736061 CEST50027443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.886296034 CEST50027443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.886305094 CEST4435002778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.888367891 CEST50027443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.908499956 CEST4435002678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.915335894 CEST50028443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.915345907 CEST4435002878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.915498018 CEST50028443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.915684938 CEST50028443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.915692091 CEST4435002878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.921461105 CEST50028443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.922875881 CEST4435000978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.922966003 CEST50009443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.925072908 CEST4435001078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.925126076 CEST50010443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.932499886 CEST4435002778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.946552992 CEST50029443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.946564913 CEST4435002978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.946719885 CEST50029443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.946952105 CEST50029443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.946959972 CEST4435002978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.952893972 CEST50029443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.964498043 CEST4435002878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.978091002 CEST50030443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.978100061 CEST4435003078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.978379011 CEST50030443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.982297897 CEST50030443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:32.982305050 CEST4435003078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:32.984237909 CEST50030443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.000497103 CEST4435002978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.010303020 CEST50031443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.010317087 CEST4435003178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.010586023 CEST50031443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.010786057 CEST50031443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.010795116 CEST4435003178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.016772032 CEST50031443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.028496027 CEST4435003078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.042299986 CEST50032443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.042324066 CEST4435003278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.042439938 CEST50032443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.042680025 CEST50032443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.042690992 CEST4435003278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.047204971 CEST50032443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.064502001 CEST4435003178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.074301004 CEST50033443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.074328899 CEST4435003378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.074410915 CEST50033443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.074668884 CEST50033443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.074681044 CEST4435003378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.080306053 CEST50033443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.092500925 CEST4435003278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.105371952 CEST50034443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.105402946 CEST4435003478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.105467081 CEST50034443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.105845928 CEST50034443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.105855942 CEST4435003478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.111112118 CEST50034443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.120502949 CEST4435003378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.141501904 CEST50035443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.141513109 CEST4435003578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.141578913 CEST50035443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.142417908 CEST50035443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.142425060 CEST4435003578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.156496048 CEST4435003478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.161528111 CEST50035443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.168405056 CEST4435001178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.168453932 CEST50011443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.169706106 CEST4435001778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.169764996 CEST50017443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.180692911 CEST4435001578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.180752993 CEST50015443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.182765961 CEST50036443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.182780027 CEST4435003678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.182841063 CEST50036443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.183257103 CEST50036443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.183264971 CEST4435003678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.189513922 CEST50036443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.191678047 CEST4435001278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.191734076 CEST50012443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.203887939 CEST4435001878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.203975916 CEST50018443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.204507113 CEST4435003578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.213944912 CEST50037443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.213957071 CEST4435003778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.214020967 CEST50037443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.214344025 CEST50037443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.214354038 CEST4435003778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.217647076 CEST50037443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.236490011 CEST4435003678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.245837927 CEST50038443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.245846033 CEST4435003878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.245898008 CEST50038443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.246293068 CEST50038443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.246301889 CEST4435003878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.249202967 CEST4435001678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.249250889 CEST50016443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.264492989 CEST4435003778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.276768923 CEST4435001378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.276869059 CEST50013443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.276875973 CEST4435001378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.276913881 CEST50013443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.283472061 CEST50038443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.324500084 CEST4435003878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.341065884 CEST50039443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.341090918 CEST4435003978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.341155052 CEST50039443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.341453075 CEST50039443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.341463089 CEST4435003978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.353739977 CEST50039443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.384795904 CEST50040443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.384812117 CEST4435004078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.384917974 CEST50040443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.385324001 CEST50040443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.385334015 CEST4435004078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.396331072 CEST50040443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.400501966 CEST4435003978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.410222054 CEST4435002178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.410284042 CEST50021443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.416984081 CEST4435002278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.417027950 CEST50022443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.424197912 CEST4435002078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.424263000 CEST50020443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.432929993 CEST4435001978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.432977915 CEST50019443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.433063984 CEST4435002378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.433168888 CEST4435002378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.433182001 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.433212042 CEST50023443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.433330059 CEST50041443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:33.433346033 CEST4435004178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:33.433398962 CEST50041443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.484736919 CEST50072443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.486655951 CEST4435005278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.486762047 CEST4435005278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.490375996 CEST50052443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.490375996 CEST50052443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.492499113 CEST4435007178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.503689051 CEST4435005378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.503791094 CEST4435005378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.506397009 CEST50053443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.506397009 CEST50053443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.509975910 CEST50073443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.510005951 CEST4435007378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.510077953 CEST50073443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.510410070 CEST50073443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.510428905 CEST4435007378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.517261982 CEST50073443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.528501987 CEST4435007278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.542304993 CEST50074443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.542345047 CEST4435007478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.542538881 CEST50074443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.543751001 CEST50074443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.543751001 CEST50074443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.543782949 CEST4435007478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.556818008 CEST4435005478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.556899071 CEST50054443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.564505100 CEST4435007378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.574300051 CEST50075443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.574311018 CEST4435007578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.574450016 CEST50075443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.574681997 CEST50075443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.574692011 CEST4435007578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.577775955 CEST50075443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.588493109 CEST4435007478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.606301069 CEST50076443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.606332064 CEST4435007678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.614304066 CEST50076443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.615703106 CEST4435005678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.615809917 CEST4435005678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.615896940 CEST50056443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.615896940 CEST50056443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.624500036 CEST4435007578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.627765894 CEST4435005778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.627856970 CEST50057443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.634309053 CEST50077443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.634315968 CEST4435007778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.634387970 CEST50077443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.638303041 CEST50077443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.638317108 CEST4435007778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.640175104 CEST50077443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.660264015 CEST4435005878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.660362959 CEST4435005878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.660382032 CEST50058443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.660789013 CEST50058443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.661453009 CEST4435005578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.661525011 CEST50055443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.665195942 CEST50078443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.665203094 CEST4435007878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.665575981 CEST50078443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.665843010 CEST50078443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.665853024 CEST4435007878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.670404911 CEST50078443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.684509993 CEST4435007778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.688124895 CEST4435005978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.688235998 CEST4435005978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.690402031 CEST50059443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.690402031 CEST50059443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.697638988 CEST50079443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.697670937 CEST4435007978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.697798014 CEST50079443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.698004961 CEST50079443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.698021889 CEST4435007978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.704806089 CEST50079443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.716497898 CEST4435007878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.728240967 CEST50080443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.728272915 CEST4435008078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.730516911 CEST50080443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.730706930 CEST50080443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.730717897 CEST4435008078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.736248016 CEST4435006078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.736282110 CEST50080443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.736346960 CEST4435006078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.738347054 CEST50060443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.738347054 CEST50060443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.751949072 CEST4435006178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.752017021 CEST50061443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.752501011 CEST4435007978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.759243965 CEST50081443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.759268999 CEST4435008178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.759361029 CEST50081443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.759793997 CEST50081443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.759804964 CEST4435008178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.761841059 CEST50081443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.780492067 CEST4435008078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.790431976 CEST50082443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.790441036 CEST4435008278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.790523052 CEST50082443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.790807962 CEST50082443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.790817022 CEST4435008278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.797368050 CEST50082443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.801899910 CEST4435006278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.802001953 CEST4435006278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.802023888 CEST50062443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.802095890 CEST50062443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.808496952 CEST4435008178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.823084116 CEST50083443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.823098898 CEST4435008378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.826369047 CEST50083443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.826584101 CEST50083443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.826595068 CEST4435008378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.830188036 CEST50083443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.840498924 CEST4435008278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.843079090 CEST4435006378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.843185902 CEST4435006378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.843216896 CEST50063443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.843597889 CEST50063443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859415054 CEST4435006478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.859452009 CEST50084443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859462976 CEST4435008478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.859509945 CEST50064443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859517097 CEST4435006478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.859579086 CEST50064443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859585047 CEST50084443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859843016 CEST50084443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.859857082 CEST4435008478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.870304108 CEST50084443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.876492023 CEST4435008378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.893754005 CEST4435006578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.893860102 CEST4435006578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.893978119 CEST50065443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.893978119 CEST50065443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.900593996 CEST50085443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.900609016 CEST4435008578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.900758028 CEST50085443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.901032925 CEST50085443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.901042938 CEST4435008578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.909343958 CEST50085443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.912508011 CEST4435008478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.923763037 CEST4435006678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.923860073 CEST4435006678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.923887014 CEST50066443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.924081087 CEST50066443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.934302092 CEST50086443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.934314013 CEST4435008678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.934505939 CEST50086443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.934864998 CEST50086443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.934874058 CEST4435008678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.937256098 CEST50086443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.952502012 CEST4435008578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.954675913 CEST4435006778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.954775095 CEST4435006778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.954803944 CEST50067443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.954830885 CEST50067443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.962124109 CEST50087443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.962137938 CEST4435008778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.962256908 CEST50087443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.962513924 CEST50087443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.962527037 CEST4435008778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.967884064 CEST50087443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.980508089 CEST4435008678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.989442110 CEST4435006878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.989531994 CEST4435006878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.989563942 CEST50068443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.989769936 CEST50068443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.994400024 CEST50088443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.994410038 CEST4435008878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.994565010 CEST50088443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.998301029 CEST50088443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:34.998334885 CEST4435008878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:34.998482943 CEST50088443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.007863045 CEST4435006978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.007942915 CEST50069443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.012499094 CEST4435008778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.027174950 CEST50089443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.027192116 CEST4435008978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.027303934 CEST50089443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.027777910 CEST50089443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.027787924 CEST4435008978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.033574104 CEST50089443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.054570913 CEST4435007078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.054673910 CEST4435007078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.054688931 CEST50070443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.055155039 CEST50070443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.056606054 CEST50090443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.056616068 CEST4435009078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.056715965 CEST50090443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.057002068 CEST50090443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.057010889 CEST4435009078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.063380003 CEST50090443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.080492973 CEST4435008978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.085464001 CEST4435007178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.085515022 CEST50071443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.088946104 CEST50091443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.088958979 CEST4435009178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.089023113 CEST50091443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.089332104 CEST50091443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.089342117 CEST4435009178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.096247911 CEST50091443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.096920967 CEST4435007278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.096973896 CEST50072443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.108495951 CEST4435009078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.120033979 CEST50092443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.120048046 CEST4435009278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.120107889 CEST50092443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.120383978 CEST50092443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.120390892 CEST4435009278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.134769917 CEST50092443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.136498928 CEST4435009178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.147562027 CEST4435007378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.147629976 CEST50073443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.167439938 CEST50093443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.167454004 CEST4435009378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.167507887 CEST50093443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.167511940 CEST4435007478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.167560101 CEST50074443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.167812109 CEST50093443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.167821884 CEST4435009378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.175172091 CEST50093443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.180489063 CEST4435009278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.198285103 CEST4435007578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.198348999 CEST50075443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.200556993 CEST50094443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.200573921 CEST4435009478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.200628042 CEST50094443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.201152086 CEST50094443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.201160908 CEST4435009478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:35.209387064 CEST50094443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:35.216500998 CEST4435009378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.478351116 CEST50128443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.478570938 CEST50128443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.478583097 CEST4435012878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.486304998 CEST50128443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.496498108 CEST4435012778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.509156942 CEST50129443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.509186029 CEST4435012978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.509480000 CEST50129443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.509764910 CEST50129443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.509778976 CEST4435012978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.512402058 CEST50129443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.528501987 CEST4435012878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.533895016 CEST4435010678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.533992052 CEST50106443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.534742117 CEST4435010778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.534811020 CEST50107443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.535537958 CEST4435010978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.535633087 CEST4435011078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.535681009 CEST4435010878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.535693884 CEST50109443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.535693884 CEST50110443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.535794020 CEST4435010878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.535893917 CEST50108443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.535893917 CEST50108443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.546304941 CEST50130443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.546319008 CEST4435013078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.546473980 CEST50130443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.546874046 CEST50130443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.546885014 CEST4435013078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.550317049 CEST50130443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.556497097 CEST4435012978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.582314968 CEST50131443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.582370043 CEST4435013178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.582489967 CEST50131443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.582808971 CEST50131443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.582823038 CEST4435013178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.587071896 CEST50131443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.596499920 CEST4435013078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.619301081 CEST50132443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.619319916 CEST4435013278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.619453907 CEST50132443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.619672060 CEST50132443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.619683981 CEST4435013278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.623492956 CEST50132443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.628499985 CEST4435013178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.650305986 CEST50133443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.650322914 CEST4435013378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.650394917 CEST50133443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.650892019 CEST50133443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.650903940 CEST4435013378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.658304930 CEST50133443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.668498039 CEST4435013278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.682305098 CEST50134443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.682316065 CEST4435013478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.682391882 CEST50134443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.682816982 CEST50134443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.682828903 CEST4435013478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.690313101 CEST50134443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.704498053 CEST4435013378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.714308023 CEST50135443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.714323044 CEST4435013578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.714421988 CEST50135443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.714632034 CEST50135443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.714643955 CEST4435013578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.717592955 CEST50135443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.736498117 CEST4435013478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.744174004 CEST50136443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.744185925 CEST4435013678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.744293928 CEST50136443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.744503021 CEST50136443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.744513988 CEST4435013678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.750514030 CEST50136443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.760499001 CEST4435013578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.761567116 CEST4435011178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.761671066 CEST4435011178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.761703014 CEST50111443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.761761904 CEST50111443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.762159109 CEST4435011278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.762267113 CEST4435011278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.762298107 CEST50112443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.762346983 CEST50112443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.762892008 CEST4435011378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.762988091 CEST4435011378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.763015985 CEST50113443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.763840914 CEST4435011578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.763904095 CEST50113443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.763905048 CEST50115443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.764039040 CEST4435011678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.764098883 CEST4435011478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.764144897 CEST4435011678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.764163017 CEST50116443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.764163971 CEST50114443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.764281034 CEST50116443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.775033951 CEST50137443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.775051117 CEST4435013778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.775146961 CEST50137443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.775351048 CEST50137443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.775363922 CEST4435013778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.782313108 CEST50137443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.794142962 CEST4435011878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.794241905 CEST4435011878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.794303894 CEST50118443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.794313908 CEST50118443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.796498060 CEST4435013678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.806313992 CEST50138443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.806323051 CEST4435013878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.806406975 CEST50138443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.810314894 CEST50138443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.810327053 CEST4435013878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.812001944 CEST50138443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.828495979 CEST4435013778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.838320971 CEST50139443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.838336945 CEST4435013978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.838413954 CEST50139443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.839011908 CEST50139443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.839011908 CEST50139443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.839024067 CEST4435013978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.856496096 CEST4435013878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.869519949 CEST50140443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.869555950 CEST4435014078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.870484114 CEST50140443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.870724916 CEST50140443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.870743036 CEST4435014078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.876545906 CEST50140443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.880498886 CEST4435013978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.885530949 CEST4435012178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.885627031 CEST4435012178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.885646105 CEST50121443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.885713100 CEST50121443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.899840117 CEST4435012278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.899960041 CEST4435012278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.899974108 CEST50122443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.900278091 CEST50122443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.900372982 CEST50141443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.900386095 CEST4435014178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.900461912 CEST50141443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.900708914 CEST50141443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.900721073 CEST4435014178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.906470060 CEST50141443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.924494982 CEST4435014078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.937719107 CEST50142443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.937748909 CEST4435014278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.938350916 CEST50142443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.938848972 CEST50142443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.938860893 CEST4435014278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.945940971 CEST50142443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.952491045 CEST4435014178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.978461981 CEST50143443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.978507996 CEST4435014378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.978596926 CEST50143443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.982305050 CEST50143443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.982316017 CEST4435014378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:36.985955000 CEST50143443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:36.988498926 CEST4435014278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.010310888 CEST50144443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.010350943 CEST4435014478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.010557890 CEST50144443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.010773897 CEST50144443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.010781050 CEST4435014478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.015152931 CEST50144443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.028496981 CEST4435014378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.042313099 CEST50145443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.042340994 CEST4435014578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.042596102 CEST50145443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.042769909 CEST50145443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.042782068 CEST4435014578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.046305895 CEST50145443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.060494900 CEST4435014478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.072424889 CEST50146443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.072434902 CEST4435014678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.072675943 CEST50146443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.073050022 CEST50146443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.073056936 CEST4435014678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.082307100 CEST50146443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.092499971 CEST4435014578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.103734970 CEST50147443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.103751898 CEST4435014778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.103812933 CEST50147443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.104135990 CEST50147443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.104146957 CEST4435014778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.112030029 CEST50147443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.128495932 CEST4435014678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.135251999 CEST50148443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.135272980 CEST4435014878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.135332108 CEST50148443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.135598898 CEST50148443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.135610104 CEST4435014878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.142744064 CEST50148443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.156495094 CEST4435014778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.166480064 CEST50149443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.166491032 CEST4435014978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.166553974 CEST50149443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.166961908 CEST50149443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.166971922 CEST4435014978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.170758963 CEST50149443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.188493967 CEST4435014878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.198457956 CEST50150443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.198468924 CEST4435015078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.198529959 CEST50150443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.198837042 CEST50150443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.198846102 CEST4435015078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.206470013 CEST50150443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.212505102 CEST4435014978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.230357885 CEST50151443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.230369091 CEST4435015178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.230437994 CEST50151443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.230720997 CEST50151443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.230729103 CEST4435015178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.239346981 CEST50151443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.252494097 CEST4435015078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.268336058 CEST50152443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.268345118 CEST4435015278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.268419981 CEST50152443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.268711090 CEST50152443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.268719912 CEST4435015278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.274621964 CEST50152443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.284493923 CEST4435015178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.308911085 CEST50153443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.308922052 CEST4435015378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.308980942 CEST50153443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.309288979 CEST50153443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.309298038 CEST4435015378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.320497036 CEST4435015278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.320497990 CEST50153443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.353089094 CEST50154443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:37.353097916 CEST4435015478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:37.353147030 CEST50154443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.372003078 CEST50182443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.372003078 CEST50182443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.372015953 CEST4435018278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.388509989 CEST4435018178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.412503958 CEST4435018278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.416218042 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.416240931 CEST4435018378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.418359041 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.418648958 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.418663025 CEST4435018378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.421382904 CEST4435016678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.421490908 CEST4435016678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.421559095 CEST50166443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.421559095 CEST50166443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.424149990 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447057962 CEST4435016478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.447092056 CEST50184443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447101116 CEST4435018478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.447151899 CEST4435016478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.447181940 CEST50164443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447212934 CEST50184443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447215080 CEST50164443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447427988 CEST50184443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.447438002 CEST4435018478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.451771975 CEST50184443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.468499899 CEST4435018378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.470890999 CEST4435016778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.470998049 CEST4435016778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.474348068 CEST50167443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.474348068 CEST50167443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.476695061 CEST4435016578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.476789951 CEST4435016578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.476819992 CEST50165443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.476900101 CEST50165443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.478312969 CEST50185443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.478331089 CEST4435018578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.482381105 CEST50185443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.491991043 CEST4435016878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.492111921 CEST4435016878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.492501974 CEST4435018478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.492587090 CEST50168443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.492587090 CEST50168443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.509057999 CEST50186443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.509068966 CEST4435018678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.510416985 CEST50186443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.514312029 CEST50186443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.514322042 CEST4435018678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.515324116 CEST50186443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.537022114 CEST4435016978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.537122011 CEST4435016978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.538360119 CEST50169443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.538360119 CEST50169443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.540277004 CEST50187443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.540312052 CEST4435018778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.540381908 CEST50187443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.540622950 CEST50187443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.540637970 CEST4435018778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.546139956 CEST50187443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.560502052 CEST4435018678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.588501930 CEST4435018778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.588538885 CEST50188443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.588563919 CEST4435018878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.588776112 CEST50188443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.588915110 CEST50188443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.588941097 CEST4435018878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.591357946 CEST50188443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.594830990 CEST4435017078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.594952106 CEST4435017078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.595057011 CEST50170443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.595057011 CEST50170443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.622312069 CEST50189443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.622334003 CEST4435018978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.622457027 CEST50189443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.626317978 CEST50189443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.626332045 CEST4435018978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.629781961 CEST4435017178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.629893064 CEST4435017178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.629966974 CEST50171443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.629966974 CEST50171443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.632517099 CEST4435018878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.642992020 CEST50189443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.658725023 CEST4435017278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.658828020 CEST4435017278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.658893108 CEST50172443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.658893108 CEST50172443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.666321039 CEST50190443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.666336060 CEST4435019078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.666420937 CEST50190443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.670312881 CEST50190443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.670325994 CEST4435019078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.672532082 CEST50190443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.688496113 CEST4435018978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.698317051 CEST50191443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.698350906 CEST4435019178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.698553085 CEST50191443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.698894978 CEST50191443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.698932886 CEST4435019178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.702249050 CEST50191443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.720493078 CEST4435019078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.730317116 CEST50192443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.730349064 CEST4435019278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.730473995 CEST50192443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.730792999 CEST50192443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.730808020 CEST4435019278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.734399080 CEST50192443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.744517088 CEST4435019178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.748348951 CEST4435017478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.748416901 CEST50174443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.759473085 CEST50193443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.759497881 CEST4435019378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.759743929 CEST50193443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.762319088 CEST50193443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.762331963 CEST4435019378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.766875029 CEST50193443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.767853975 CEST4435017578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.767940044 CEST50175443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.776494026 CEST4435019278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.790515900 CEST50194443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.790534019 CEST4435019478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.790781975 CEST50194443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.791054010 CEST50194443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.791064978 CEST4435019478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.798373938 CEST50194443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.800898075 CEST4435017378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.800972939 CEST50173443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.808501959 CEST4435019378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.821985006 CEST50195443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.822002888 CEST4435019578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.822376966 CEST50195443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.822586060 CEST50195443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.822598934 CEST4435019578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.830319881 CEST50195443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.844499111 CEST4435019478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.854314089 CEST50196443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.854331970 CEST4435019678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.854412079 CEST50196443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.854774952 CEST50196443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.854787111 CEST4435019678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.860785961 CEST50196443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.873600006 CEST4435017878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.873703957 CEST4435017878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.873707056 CEST50178443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.873883009 CEST50178443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.876499891 CEST4435019578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.884085894 CEST4435017678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.884197950 CEST50176443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.884691954 CEST50197443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.884705067 CEST4435019778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.884763002 CEST50197443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.885314941 CEST50197443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.885325909 CEST4435019778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.892421961 CEST50197443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.904500008 CEST4435019678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.908859968 CEST4435018078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.908927917 CEST50180443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.918308020 CEST50198443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.918318987 CEST4435019878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.918382883 CEST50198443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.918557882 CEST50198443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.918592930 CEST4435019878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.918653965 CEST50198443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.936500072 CEST4435019778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.947315931 CEST50199443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.947335958 CEST4435019978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.947388887 CEST50199443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.947624922 CEST50199443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.947643995 CEST4435019978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.956115961 CEST50199443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.958967924 CEST4435018178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.959074020 CEST4435018178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.959103107 CEST50181443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.962358952 CEST50181443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.983958006 CEST50200443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.983994007 CEST4435020078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.984112024 CEST50200443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.984474897 CEST50200443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.984497070 CEST4435020078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.987720966 CEST4435018278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.987812042 CEST4435018278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:38.987879992 CEST50182443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:38.987879992 CEST50182443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.000509024 CEST4435019978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.003655910 CEST50200443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.025125027 CEST50201443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.025150061 CEST4435020178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.026483059 CEST50201443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.027029037 CEST50201443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.027040005 CEST4435020178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.029618979 CEST50201443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.045099020 CEST4435018378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.045298100 CEST4435018378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.045392990 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.045392990 CEST50183443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.048495054 CEST4435020078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.058315992 CEST50202443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.058329105 CEST4435020278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.058511972 CEST50202443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.060947895 CEST4435018478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.060978889 CEST50202443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.060992002 CEST4435020278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.061032057 CEST50184443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.062194109 CEST50202443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.076498032 CEST4435020178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.088031054 CEST50203443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.088047981 CEST4435020378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.088159084 CEST50203443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.088398933 CEST50203443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.088423967 CEST4435020378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.095990896 CEST50203443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.108498096 CEST4435020278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.119750023 CEST50204443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.119760990 CEST4435020478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.119822979 CEST50204443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.120146990 CEST50204443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.120162964 CEST4435020478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.136508942 CEST4435020378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.143088102 CEST4435018678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.143143892 CEST50186443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.157500029 CEST50204443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.159878969 CEST4435018778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.159924984 CEST50187443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.185744047 CEST50205443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.185760975 CEST4435020578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.185832977 CEST50205443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.186400890 CEST50205443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:39.186415911 CEST4435020578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:39.200509071 CEST4435020478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.346318007 CEST50238443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.346326113 CEST4435023878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.346412897 CEST50238443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.347553015 CEST50238443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.347553015 CEST50238443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.347560883 CEST4435023878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.354049921 CEST4435021878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.354161024 CEST4435021878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.354259014 CEST50218443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.354259014 CEST50218443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.360497952 CEST4435023778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.365230083 CEST4435021978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.365324974 CEST4435021978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.365387917 CEST50219443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.365389109 CEST50219443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.370317936 CEST50239443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.370337963 CEST4435023978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.370506048 CEST50239443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.370779991 CEST50239443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.370784998 CEST4435023978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.373799086 CEST50239443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.388508081 CEST4435023878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.392986059 CEST4435022078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.393117905 CEST4435022078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.393189907 CEST50220443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.393189907 CEST50220443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.400876999 CEST50240443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.400918007 CEST4435024078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.401053905 CEST50240443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.401257992 CEST50240443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.401272058 CEST4435024078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.406197071 CEST50240443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.420495987 CEST4435023978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.432990074 CEST4435022178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.433083057 CEST4435022178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.433146000 CEST50221443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.433146000 CEST50221443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.433748960 CEST50241443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.433789015 CEST4435024178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.433958054 CEST50241443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.434243917 CEST50241443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.434257030 CEST4435024178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.445198059 CEST50241443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.452497959 CEST4435024078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.454619884 CEST4435022278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.454742908 CEST4435022278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.454799891 CEST50222443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.454799891 CEST50222443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.478651047 CEST50242443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.478677988 CEST4435024278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.478780031 CEST50242443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.479068995 CEST50242443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.479082108 CEST4435024278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.485344887 CEST4435022378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.485439062 CEST4435022378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.485455036 CEST50223443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.485636950 CEST50223443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.487226009 CEST50242443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.492489100 CEST4435024178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.510318995 CEST50243443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.510345936 CEST4435024378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.510515928 CEST50243443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.513856888 CEST50243443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.513856888 CEST50243443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.513875961 CEST4435024378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.527491093 CEST4435022478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.527578115 CEST4435022478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.527645111 CEST50224443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.527645111 CEST50224443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.528500080 CEST4435024278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.546317101 CEST50244443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.546334028 CEST4435024478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.546514034 CEST50244443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.560496092 CEST4435024378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.570471048 CEST4435022578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.570558071 CEST4435022578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.570735931 CEST50225443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.570735931 CEST50225443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.571602106 CEST50245443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.571614027 CEST4435024578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.571958065 CEST50245443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.572180033 CEST50245443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.572191954 CEST4435024578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.578318119 CEST50245443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.581773996 CEST4435022678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.581877947 CEST4435022678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.581990957 CEST50226443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.581990957 CEST50226443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.602771997 CEST50246443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.602782011 CEST4435024678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.602890968 CEST50246443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.603167057 CEST50246443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.603178024 CEST4435024678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.608375072 CEST4435022778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.608473063 CEST4435022778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.608501911 CEST50227443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.608887911 CEST50227443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.608942986 CEST50246443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.624500036 CEST4435024578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.634315014 CEST50247443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.634327888 CEST4435024778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.634510994 CEST50247443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.638317108 CEST50247443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.638329029 CEST4435024778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.642316103 CEST50247443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.651726961 CEST4435022878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.651799917 CEST50228443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.656496048 CEST4435024678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.666317940 CEST50248443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.666327000 CEST4435024878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.666410923 CEST50248443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.666718006 CEST50248443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.666729927 CEST4435024878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.668441057 CEST50248443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.672930002 CEST4435022978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.673026085 CEST4435022978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.673125982 CEST50229443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.673125982 CEST50229443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.684505939 CEST4435024778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.702323914 CEST50249443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.702353954 CEST4435024978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.703623056 CEST50249443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.706317902 CEST50249443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.706330061 CEST4435024978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.709273100 CEST50249443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.712497950 CEST4435024878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.713361979 CEST4435023078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.713459969 CEST4435023078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.713545084 CEST50230443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.713545084 CEST50230443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.728333950 CEST50250443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.728343964 CEST4435025078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.728517056 CEST50250443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.730315924 CEST50250443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.730326891 CEST4435025078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.734533072 CEST50250443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.756508112 CEST4435024978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.757420063 CEST4435023178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.757524014 CEST4435023178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.758383036 CEST50231443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.758383036 CEST50231443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.762314081 CEST50251443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.762341976 CEST4435025178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.762599945 CEST50251443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.762862921 CEST50251443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.762873888 CEST4435025178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.765305042 CEST50251443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.776499987 CEST4435025078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.790082932 CEST50252443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.790093899 CEST4435025278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.790225029 CEST50252443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.790658951 CEST50252443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.790669918 CEST4435025278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.795490026 CEST50252443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.801613092 CEST4435023278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.801708937 CEST4435023278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.801768064 CEST50232443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.801817894 CEST50232443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.808496952 CEST4435025178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.820694923 CEST4435023378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.820810080 CEST4435023378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.820899963 CEST50233443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.820899963 CEST50233443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.821619034 CEST50253443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.821630955 CEST4435025378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.821721077 CEST50253443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.822319031 CEST50253443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.822329998 CEST4435025378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.827832937 CEST50253443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.834127903 CEST4435023478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.834228039 CEST4435023478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.834254026 CEST50234443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.834438086 CEST50234443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.836503029 CEST4435025278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.853184938 CEST50254443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.853195906 CEST4435025478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.854360104 CEST50254443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.854780912 CEST50254443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.854792118 CEST4435025478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.858416080 CEST4435023578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.858515024 CEST4435023578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.858530998 CEST50235443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.858685017 CEST50235443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.859467983 CEST50254443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.872497082 CEST4435025378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.884150028 CEST50255443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.884175062 CEST4435025578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.884313107 CEST50255443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.884968996 CEST4435023678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.885009050 CEST50255443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.885023117 CEST4435025578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.885055065 CEST50236443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.887165070 CEST50255443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.904496908 CEST4435025478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.918318033 CEST50256443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.918344975 CEST4435025678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.918519020 CEST50256443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.918776035 CEST50256443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.918787003 CEST4435025678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.921173096 CEST50256443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.928503990 CEST4435025578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.950336933 CEST50257443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.950359106 CEST4435025778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.950634003 CEST50257443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.954329014 CEST50257443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.954341888 CEST4435025778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.955960989 CEST50257443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.964514971 CEST4435025678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.977734089 CEST50258443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.977756023 CEST4435025878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.977826118 CEST50258443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.978120089 CEST50258443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:40.978132963 CEST4435025878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:40.984355927 CEST50258443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.000495911 CEST4435025778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:41.009881973 CEST50259443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.009901047 CEST4435025978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:41.009977102 CEST50259443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.010318995 CEST50259443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.010330915 CEST4435025978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:41.017736912 CEST50259443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.028487921 CEST4435025878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:41.046760082 CEST50260443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.046787977 CEST4435026078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:41.046895027 CEST50260443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.047297955 CEST50260443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:41.047307014 CEST4435026078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.297689915 CEST4435027378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.297770977 CEST50273443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.297770977 CEST50273443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.305847883 CEST50289443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.305871010 CEST4435028978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.306457043 CEST50289443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.310323000 CEST50289443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.310334921 CEST4435028978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.314203978 CEST50289443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.324491978 CEST4435028878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.326400995 CEST4435027478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.326482058 CEST4435027478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.326507092 CEST50274443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.326597929 CEST50274443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.338330984 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.338340998 CEST4435029078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.342431068 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.343235016 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.343235016 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.343245983 CEST4435029078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.360491037 CEST4435028978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.370325089 CEST50291443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.370349884 CEST4435029178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.374409914 CEST50291443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.388489962 CEST4435029078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.401223898 CEST4435027578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.401343107 CEST4435027578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.401424885 CEST50275443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.401424885 CEST50275443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.406322956 CEST50292443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.406332016 CEST4435029278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.406449080 CEST50292443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.409991026 CEST50292443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.409991026 CEST50292443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.410005093 CEST4435029278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.431088924 CEST50293443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.431103945 CEST4435029378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.432101965 CEST4435027678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.432192087 CEST50293443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.432195902 CEST4435027678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.432197094 CEST50276443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.432346106 CEST50276443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.432512045 CEST50293443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.432524920 CEST4435029378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.433480024 CEST50293443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.452502012 CEST4435029278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.462320089 CEST50294443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.462328911 CEST4435029478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.462410927 CEST50294443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.462661028 CEST50294443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.462677956 CEST4435029478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.470316887 CEST50294443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.480494976 CEST4435029378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.494108915 CEST4435027778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.494220018 CEST4435027778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.494251013 CEST50277443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.494302988 CEST50295443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.494313002 CEST4435029578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.494407892 CEST50277443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.494489908 CEST50295443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.494774103 CEST50295443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.494790077 CEST4435029578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.502319098 CEST50295443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.516494036 CEST4435029478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.526321888 CEST50296443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.526330948 CEST4435029678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.526423931 CEST50296443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.530322075 CEST50296443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.530330896 CEST4435029678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.534320116 CEST50296443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.548495054 CEST4435029578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.552225113 CEST4435027878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.552336931 CEST4435027878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.552398920 CEST50278443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.552398920 CEST50278443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.558322906 CEST50297443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.558335066 CEST4435029778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.558466911 CEST50297443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.559010983 CEST50297443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.559021950 CEST4435029778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.562318087 CEST50297443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.576505899 CEST4435029678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.578674078 CEST4435027978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.578775883 CEST4435027978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.578846931 CEST50279443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.578846931 CEST50279443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.587193012 CEST50298443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.587201118 CEST4435029878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.587352991 CEST50298443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.587683916 CEST50298443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.587697983 CEST4435029878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.598320007 CEST50298443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.608493090 CEST4435029778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.612436056 CEST4435028078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.612566948 CEST4435028078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.612572908 CEST50280443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.612778902 CEST50280443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.621083021 CEST50299443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.621095896 CEST4435029978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.621311903 CEST50299443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.621684074 CEST50299443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.621695042 CEST4435029978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.626496077 CEST50299443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.640492916 CEST4435029878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.640741110 CEST4435028178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.640829086 CEST4435028178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.640841007 CEST50281443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.640955925 CEST50281443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.653366089 CEST50300443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.653374910 CEST4435030078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.653518915 CEST50300443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.672493935 CEST4435029978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.682326078 CEST50301443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.682336092 CEST4435030178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.682425022 CEST50301443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.686321020 CEST50301443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.686331034 CEST4435030178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.688225031 CEST50301443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.704257965 CEST4435028278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.704333067 CEST50282443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.712138891 CEST50302443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.712160110 CEST4435030278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.712259054 CEST50302443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.712585926 CEST50302443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.712594032 CEST4435030278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.722322941 CEST50302443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.731012106 CEST4435028378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.731118917 CEST4435028378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.731209040 CEST50283443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.731209040 CEST50283443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.732502937 CEST4435030178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.746320009 CEST50303443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.746332884 CEST4435030378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.746427059 CEST50303443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.751455069 CEST50303443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.751463890 CEST4435030378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.757057905 CEST50303443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.768496037 CEST4435030278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.769659042 CEST4435028478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.769769907 CEST4435028478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.769790888 CEST50284443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.770102024 CEST50284443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.790704012 CEST50304443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.790745974 CEST4435030478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.790937901 CEST50304443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.791042089 CEST50304443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.791054964 CEST4435030478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.797391891 CEST50304443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.804496050 CEST4435030378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.820167065 CEST4435028578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.820270061 CEST4435028578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.822325945 CEST50305443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.822376013 CEST4435030578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.822391033 CEST50285443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.822391987 CEST50285443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.822439909 CEST50305443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.822854042 CEST50305443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.822871923 CEST4435030578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.830319881 CEST50305443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.831813097 CEST4435028678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.831913948 CEST4435028678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.832124949 CEST50286443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.832124949 CEST50286443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.840500116 CEST4435030478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.854321003 CEST50306443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.854336023 CEST4435030678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.854487896 CEST50306443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.854778051 CEST50306443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.854789972 CEST4435030678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.859616041 CEST50306443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.869582891 CEST4435028778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.869676113 CEST4435028778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.869704962 CEST50287443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.870014906 CEST50287443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.876501083 CEST4435030578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.884460926 CEST50307443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.884476900 CEST4435030778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.884677887 CEST50307443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.885032892 CEST50307443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.885042906 CEST4435030778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.894315958 CEST50307443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.897819042 CEST4435028878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.897917032 CEST4435028878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.897989035 CEST50288443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.897989988 CEST50288443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.900496006 CEST4435030678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.915739059 CEST50308443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.915771008 CEST4435030878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.918366909 CEST50308443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.918610096 CEST50308443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.918625116 CEST4435030878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.922578096 CEST50308443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.936506987 CEST4435030778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.946521997 CEST50309443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.946535110 CEST4435030978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.950434923 CEST50309443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.950949907 CEST4435028978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.950983047 CEST50309443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.950993061 CEST4435030978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.951026917 CEST50289443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.951797962 CEST50309443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.964504004 CEST4435030878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.969217062 CEST4435029078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.969314098 CEST4435029078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.969376087 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.969376087 CEST50290443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.978321075 CEST50310443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.978332043 CEST4435031078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.978405952 CEST50310443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.980298996 CEST50310443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.980298996 CEST50310443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:42.980308056 CEST4435031078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:42.996498108 CEST4435030978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.009145975 CEST50311443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.009182930 CEST4435031178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.010363102 CEST50311443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.010706902 CEST50311443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.010720015 CEST4435031178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.014775038 CEST50311443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.020502090 CEST4435031078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.041388988 CEST50312443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.041414022 CEST4435031278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.042393923 CEST50312443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.042407990 CEST4435029278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.042494059 CEST4435029278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:43.042524099 CEST50292443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:43.042665005 CEST50312443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.193037033 CEST4435032578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.193100929 CEST50325443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.193100929 CEST50325443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.196614027 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.196636915 CEST4435034378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.198404074 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.202326059 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.202341080 CEST4435034378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.203571081 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.208492041 CEST4435034278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.230328083 CEST50344443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.230341911 CEST4435034478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.230438948 CEST50344443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.230957031 CEST50344443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.230967045 CEST4435034478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.238162041 CEST50344443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.246148109 CEST4435032678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.246246099 CEST4435032678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.246372938 CEST50326443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.246372938 CEST50326443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.248493910 CEST4435034378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.258917093 CEST50345443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.258928061 CEST4435034578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.258997917 CEST50345443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.259056091 CEST4435032778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.259139061 CEST4435032778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.259325027 CEST50345443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.259335995 CEST4435034578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.259381056 CEST50327443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.259381056 CEST50327443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.265449047 CEST50345443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.284492970 CEST4435034478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.290267944 CEST4435032878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.290381908 CEST4435032878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.290401936 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.290410042 CEST4435034678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.290437937 CEST50328443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.290478945 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.290488958 CEST50328443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.290759087 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.290770054 CEST4435034678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.293634892 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.312493086 CEST4435034578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.322325945 CEST50347443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.322335958 CEST4435034778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.326422930 CEST50347443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.327102900 CEST50347443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.327102900 CEST50347443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.327114105 CEST4435034778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.340493917 CEST4435034678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.342174053 CEST4435032978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.342257977 CEST4435032978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.342327118 CEST50329443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.342405081 CEST50329443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.354331970 CEST50348443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.354341030 CEST4435034878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.354475975 CEST50348443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.358043909 CEST50348443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.358043909 CEST50348443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.358057022 CEST4435034878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.372498035 CEST4435034778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.384021997 CEST50349443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.384032011 CEST4435034978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.386419058 CEST50349443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.389884949 CEST50349443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.389884949 CEST50349443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.389898062 CEST4435034978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.404494047 CEST4435034878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.407252073 CEST4435033178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.407346964 CEST4435033178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.410375118 CEST50331443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.410375118 CEST50331443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.418328047 CEST50350443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.418339014 CEST4435035078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.421279907 CEST50350443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.436494112 CEST4435034978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.443330050 CEST4435033078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.443454981 CEST4435033078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.446379900 CEST50330443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.446379900 CEST50330443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.446763039 CEST50351443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.446778059 CEST4435035178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.446846008 CEST50351443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.450331926 CEST50351443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.450341940 CEST4435035178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.453191042 CEST50351443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.481873989 CEST50352443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.481899023 CEST4435035278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.482088089 CEST50352443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.482325077 CEST50352443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.482336998 CEST4435035278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.484066963 CEST4435033278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.484173059 CEST4435033278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.484196901 CEST50332443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.486390114 CEST50332443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.487728119 CEST50352443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.489660025 CEST4435033378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.489762068 CEST4435033378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.489821911 CEST50333443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.489821911 CEST50333443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.500495911 CEST4435035178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.510334015 CEST50353443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.510365009 CEST4435035378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.514409065 CEST50353443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.528493881 CEST4435035278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.534024000 CEST4435033478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.534137011 CEST4435033478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.534404039 CEST50334443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.534404039 CEST50334443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.540977955 CEST50354443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.540987968 CEST4435035478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.542431116 CEST50354443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.546327114 CEST50354443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.546340942 CEST4435035478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.548237085 CEST50354443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.567709923 CEST4435033578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.567814112 CEST4435033578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.570386887 CEST50335443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.570386887 CEST50335443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.572969913 CEST50355443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.572982073 CEST4435035578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.573059082 CEST50355443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.573333025 CEST50355443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.573344946 CEST4435035578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.582654953 CEST50355443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.585688114 CEST4435033678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.585783005 CEST4435033678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.585814953 CEST50336443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.585941076 CEST50336443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.592494011 CEST4435035478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.603526115 CEST50356443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.603538990 CEST4435035678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.606437922 CEST50356443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.609647036 CEST50356443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.609647036 CEST50356443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.609663963 CEST4435035678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.609806061 CEST4435033778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.609873056 CEST50337443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.624502897 CEST4435035578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.634723902 CEST50357443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.634742975 CEST4435035778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.638467073 CEST50357443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.640742064 CEST50357443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.640742064 CEST50357443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.640755892 CEST4435035778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.652493000 CEST4435035678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.665815115 CEST50358443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.665846109 CEST4435035878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.665956020 CEST50358443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.666244984 CEST50358443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.666260004 CEST4435035878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.672439098 CEST50358443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.688494921 CEST4435035778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.697388887 CEST50359443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.697426081 CEST4435035978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.698376894 CEST50359443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.698729038 CEST50359443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.698740959 CEST4435035978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.704905987 CEST50359443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.716495037 CEST4435035878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.744333029 CEST50360443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.744379044 CEST4435036078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.745219946 CEST50360443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.745541096 CEST50360443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.745553970 CEST4435036078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.752492905 CEST4435035978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.752522945 CEST50360443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.778342009 CEST50361443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.778384924 CEST4435036178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.778496981 CEST50361443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.780936956 CEST50361443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.780936956 CEST50361443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.780951977 CEST4435036178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.796498060 CEST4435036078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.806328058 CEST50362443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.806366920 CEST4435036278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.810386896 CEST50362443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.810617924 CEST50362443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.810630083 CEST4435036278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.814327002 CEST50362443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.828491926 CEST4435036178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.844032049 CEST50363443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.844074965 CEST4435036378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.844208956 CEST50363443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.846324921 CEST50363443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.846340895 CEST4435036378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.850323915 CEST50363443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.860493898 CEST4435036278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.870326996 CEST50364443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.870362997 CEST4435036478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.870735884 CEST50364443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.870946884 CEST50364443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.870956898 CEST4435036478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.893672943 CEST50364443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.896496058 CEST4435036378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.899934053 CEST4435033978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.899959087 CEST4435034078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.899974108 CEST4435033878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900039911 CEST50340443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900039911 CEST50339443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900103092 CEST50338443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900430918 CEST4435034478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900434017 CEST4435034178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900501966 CEST50341443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900501966 CEST50344443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900656939 CEST4435034378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900729895 CEST4435034278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900810003 CEST4435034378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900846958 CEST4435034578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900861025 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900862932 CEST50342443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900863886 CEST4435034278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.900880098 CEST50343443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900922060 CEST50345443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.900922060 CEST50342443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.910881042 CEST4435034678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.910964966 CEST4435034678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.911031008 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.911031008 CEST50346443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.918757915 CEST50365443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.918782949 CEST4435036578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.918889046 CEST50365443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.919771910 CEST50365443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.919780970 CEST4435036578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.929136038 CEST50365443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:44.940490961 CEST4435036478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:44.961684942 CEST4435034778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.202549934 CEST50397443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.202559948 CEST4435039778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.205642939 CEST4435038078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.205748081 CEST4435038078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.206372023 CEST50380443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.206372023 CEST50380443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.208684921 CEST50397443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.216487885 CEST4435039678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.228316069 CEST50398443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.228332996 CEST4435039878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.228444099 CEST50398443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.228676081 CEST50398443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.228686094 CEST4435039878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.234102011 CEST50398443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.241875887 CEST4435038178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.241975069 CEST4435038178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.246376991 CEST50381443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.246376991 CEST50381443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.256488085 CEST4435039778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.259377003 CEST50399443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.259392023 CEST4435039978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.262427092 CEST50399443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.262976885 CEST50399443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.262983084 CEST4435039978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.264025927 CEST50399443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.270411968 CEST4435038278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.270513058 CEST4435038278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.274384022 CEST50382443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.274384022 CEST50382443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.280488968 CEST4435039878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.290333986 CEST50400443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.290368080 CEST4435040078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.290766954 CEST50400443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.290766954 CEST50400443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.290800095 CEST4435040078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.298326015 CEST50400443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.308487892 CEST4435039978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.318135977 CEST4435038378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.318226099 CEST4435038378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.318370104 CEST50383443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.318370104 CEST50383443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.321685076 CEST50401443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.321715117 CEST4435040178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.322041988 CEST50401443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.322195053 CEST50401443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.322202921 CEST4435040178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.327323914 CEST50401443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.331311941 CEST4435038478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.331407070 CEST4435038478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.334364891 CEST50384443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.334364891 CEST50384443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.344490051 CEST4435040078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.354325056 CEST50402443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.354335070 CEST4435040278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.354450941 CEST50402443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.354640961 CEST50402443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.354650974 CEST4435040278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.357646942 CEST50402443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.366513014 CEST4435038578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.366611958 CEST4435038578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.370384932 CEST50385443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.370384932 CEST50385443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.372488022 CEST4435040178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.386322021 CEST50403443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.386337042 CEST4435040378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.390512943 CEST50403443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.404485941 CEST4435040278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.409667015 CEST4435038678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.409763098 CEST4435038678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.411096096 CEST50386443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.411096096 CEST50386443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.418328047 CEST50404443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.418338060 CEST4435040478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.418468952 CEST50404443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.420963049 CEST50404443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.420963049 CEST50404443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.420973063 CEST4435040478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.446506023 CEST50405443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.446513891 CEST4435040578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.450431108 CEST50405443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.452028036 CEST50405443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.452037096 CEST4435040578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.454322100 CEST50405443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.458966970 CEST4435038778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.459074974 CEST4435038778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.459096909 CEST50387443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.459172964 CEST50387443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.468493938 CEST4435040478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.477947950 CEST50406443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.477957964 CEST4435040678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.478107929 CEST50406443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.478249073 CEST50406443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.478256941 CEST4435040678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.483251095 CEST50406443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.500487089 CEST4435040578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.505994081 CEST4435038878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.506073952 CEST50388443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.506077051 CEST4435038878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.506187916 CEST50388443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.510324955 CEST50407443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.510334969 CEST4435040778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.510478020 CEST50407443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.510710001 CEST50407443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.510716915 CEST4435040778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.516335011 CEST50407443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.528486013 CEST4435040678.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.546230078 CEST50408443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.546236992 CEST4435040878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.546323061 CEST50408443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.546807051 CEST50408443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.546813965 CEST4435040878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.555468082 CEST50408443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.556487083 CEST4435040778.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.590337992 CEST50409443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.590346098 CEST4435040978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.590456009 CEST50409443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.590671062 CEST50409443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.590677977 CEST4435040978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.592330933 CEST50409443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.592360973 CEST4435039078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.592463017 CEST4435039078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.592468023 CEST50390443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.592573881 CEST50390443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.593643904 CEST4435038978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.593728065 CEST4435038978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.593751907 CEST50389443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.593930006 CEST50389443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.600486040 CEST4435040878.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.622325897 CEST50410443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.622333050 CEST4435041078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.622419119 CEST50410443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.624464035 CEST4435039178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.624496937 CEST50410443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.624504089 CEST4435041078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.624564886 CEST4435039178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.624566078 CEST50391443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.625104904 CEST50391443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.627824068 CEST50410443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.636487007 CEST4435040978.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.650897980 CEST50411443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.650906086 CEST4435041178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.650979042 CEST50411443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.651316881 CEST50411443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.651329041 CEST4435041178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.656605959 CEST50411443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.661058903 CEST4435039278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.661156893 CEST4435039278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.661240101 CEST50392443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.661278009 CEST50392443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.672486067 CEST4435041078.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.681314945 CEST50412443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.681324005 CEST4435041278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.681477070 CEST50412443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.681698084 CEST50412443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.681704998 CEST4435041278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.690327883 CEST50412443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.704488039 CEST4435041178.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.712671041 CEST4435039378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.712759972 CEST4435039378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.712760925 CEST50393443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.712866068 CEST50393443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.713025093 CEST50413443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.713032961 CEST4435041378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.713124990 CEST50413443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.713450909 CEST50413443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.713458061 CEST4435041378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.717147112 CEST50413443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.726502895 CEST4435039478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.726610899 CEST4435039478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.726694107 CEST50394443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.726694107 CEST50394443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.736485004 CEST4435041278.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.746329069 CEST50414443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.746335983 CEST4435041478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.746414900 CEST50414443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.749433994 CEST50414443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.749433994 CEST50414443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.749442101 CEST4435041478.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.758097887 CEST4435039578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.758166075 CEST4435039578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.758388042 CEST50395443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.758388042 CEST50395443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.764486074 CEST4435041378.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.775042057 CEST50415443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.775049925 CEST4435041578.47.165.25192.168.2.4
                                                        Sep 3, 2024 10:02:46.775115967 CEST50415443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.775356054 CEST50415443192.168.2.478.47.165.25
                                                        Sep 3, 2024 10:02:46.775367022 CEST4435041578.47.165.25192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 3, 2024 10:01:01.267929077 CEST | 192.168.2.4 | 1.1.1.1 | 0xb020 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:39.400116920 CEST | 192.168.2.4 | 1.1.1.1 | 0xa0a9 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:17.494194984 CEST | 192.168.2.4 | 1.1.1.1 | 0x6640 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:58.966361046 CEST | 192.168.2.4 | 1.1.1.1 | 0x3190 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:03:59.420542002 CEST | 192.168.2.4 | 1.1.1.1 | 0x19d3 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:04:58.963076115 CEST | 192.168.2.4 | 1.1.1.1 | 0xfaf0 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 3, 2024 10:01:01.275719881 CEST | 1.1.1.1 | 192.168.2.4 | 0xb020 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:01.275719881 CEST | 1.1.1.1 | 192.168.2.4 | 0xb020 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:01.275719881 CEST | 1.1.1.1 | 192.168.2.4 | 0xb020 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:39.412869930 CEST | 1.1.1.1 | 192.168.2.4 | 0xa0a9 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:39.412869930 CEST | 1.1.1.1 | 192.168.2.4 | 0xa0a9 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:01:39.412869930 CEST | 1.1.1.1 | 192.168.2.4 | 0xa0a9 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:17.503490925 CEST | 1.1.1.1 | 192.168.2.4 | 0x6640 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:17.503490925 CEST | 1.1.1.1 | 192.168.2.4 | 0x6640 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:17.503490925 CEST | 1.1.1.1 | 192.168.2.4 | 0x6640 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:58.979249001 CEST | 1.1.1.1 | 192.168.2.4 | 0x3190 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:58.979249001 CEST | 1.1.1.1 | 192.168.2.4 | 0x3190 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:02:58.979249001 CEST | 1.1.1.1 | 192.168.2.4 | 0x3190 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:03:59.428718090 CEST | 1.1.1.1 | 192.168.2.4 | 0x19d3 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:03:59.428718090 CEST | 1.1.1.1 | 192.168.2.4 | 0x19d3 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:03:59.428718090 CEST | 1.1.1.1 | 192.168.2.4 | 0x19d3 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:04:58.971921921 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaf0 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:04:58.971921921 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaf0 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Sep 3, 2024 10:04:58.971921921 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaf0 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49732 | 5.75.168.191 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe |

Timestamp: 2024-09-03 08:01:01 UTC | Bytes transferred: 290 | Direction: OUT | Data:
GET /signal/agent HTTP/1.1
Host: getscreen.me
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: https://getscreen.me
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)

Timestamp: 2024-09-03 08:01:02 UTC | Bytes transferred: 265 | Direction: IN | Data:
HTTP/1.1 400 Bad Request
content-type: text/plain; charset=utf-8
sec-websocket-version: 13
x-content-type-options: nosniff
date: Tue, 03 Sep 2024 08:01:02 GMT
content-length: 12
x-envoy-upstream-service-time: 3
server: lb2.getscreen.me
connection: close

Timestamp: 2024-09-03 08:01:02 UTC | Bytes transferred: 12 | Direction: IN | Data:
Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.4 | 49733 | 5.75.168.191 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:01:14 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:01:14 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:01:14 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 3
                                                        server: lb2.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:01:14 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.4 | 49740 | 5.75.168.191 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:01:33 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:01:33 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:01:33 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 3
                                                        server: lb2.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:01:33 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.4 | 49741 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:01:40 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:01:40 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:01:40 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 0
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:01:40 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.4 | 49742 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:01:51 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:01:51 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:01:51 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 0
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:01:51 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.4 | 49744 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:02:05 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:02:06 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:02:05 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 0
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:02:06 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.4 | 49745 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:02:08 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:02:08 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:02:08 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 1
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:02:08 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.4 | 49746 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:02:13 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:02:13 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:02:13 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 1
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:02:13 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.4 | 49747 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:02:18 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:02:18 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:02:18 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 1
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:02:18 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.4 | 53327 | 78.47.165.25 | 443 | 5104 | C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-09-03 08:05:06 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                                        Host: getscreen.me
                                                        Upgrade: websocket
                                                        Connection: Upgrade
                                                        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                                        Origin: https://getscreen.me
                                                        Sec-WebSocket-Protocol: chat, superchat
                                                        Sec-WebSocket-Version: 13
                                                        User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                                        2024-09-03 08:05:06 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                                        content-type: text/plain; charset=utf-8
                                                        sec-websocket-version: 13
                                                        x-content-type-options: nosniff
                                                        date: Tue, 03 Sep 2024 08:05:06 GMT
                                                        content-length: 12
                                                        x-envoy-upstream-service-time: 0
                                                        server: lb1.getscreen.me
                                                        connection: close
                                                        2024-09-03 08:05:06 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                                        Data Ascii: Bad Request


                                                        Target ID:0
                                                        Start time:04:00:57
                                                        Start date:03/09/2024
                                                        Path:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\getscreen-456311346-x86.exe"
                                                        Imagebase:0xde0000
                                                        File size:3'654'448 bytes
                                                        MD5 hash:DE8E90D5C46A3380029FB62D92744F41
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:1
                                                        Start time:04:00:58
                                                        Start date:03/09/2024
                                                        Path:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\getscreen-456311346-x86.exe" -gpipe \\.\pipe\PCommand97bklgwatxqckevrc -gui
                                                        Imagebase:0xde0000
                                                        File size:3'654'448 bytes
                                                        MD5 hash:DE8E90D5C46A3380029FB62D92744F41
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:2
                                                        Start time:04:00:58
                                                        Start date:03/09/2024
                                                        Path:C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\ProgramData\Getscreen.me\nloywbvdyuzspalcelrqazdxtexsaor-elevate.exe" -elevate \\.\pipe\elevateGS512nloywbvdyuzspalcelrqazdxtexsaor
                                                        Imagebase:0xc20000
                                                        File size:3'654'448 bytes
                                                        MD5 hash:DE8E90D5C46A3380029FB62D92744F41
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 0%, ReversingLabs
                                                        • Detection: 1%, Virustotal
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:04:01:00
                                                        Start date:03/09/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
                                                        Imagebase:0x7ff6eef20000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:4
                                                        Start time:04:01:01
                                                        Start date:03/09/2024
                                                        Path:C:\Users\user\Desktop\getscreen-456311346-x86.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\getscreen-456311346-x86.exe" -cpipe \\.\pipe\PCommand96wqtzgijhjvbbpwc -cmem 0000pipe0PCommand96wqtzgijhjvbbpwc02jg7o38si0vg44 -child
                                                        Imagebase:0xde0000
                                                        File size:3'654'448 bytes
                                                        MD5 hash:DE8E90D5C46A3380029FB62D92744F41
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:04:01:44
                                                        Start date:03/09/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                        Imagebase:0x7ff6eef20000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                          Execution Graph

                                                          Execution Coverage:1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:2.9%
                                                          Total number of Nodes:241
                                                          Total number of Limit Nodes:9
calls 14149->14150 14151 14cbbf7 14150->14151 14152 14cb91c 2 API calls 14151->14152 14153 14cbc05 14152->14153 14154 14bf066 ___free_lconv_mon 2 API calls 14153->14154 14155 14cbc10 14154->14155 14156 14bf066 ___free_lconv_mon 2 API calls 14155->14156 14157 14cbc1b 14156->14157 14158 14bf066 ___free_lconv_mon 2 API calls 14157->14158 14159 14cbc26 14158->14159 14160 14cb91c 2 API calls 14159->14160 14161 14cbc34 14160->14161 14162 14cb91c 2 API calls 14161->14162 14163 14cbc42 14162->14163 14164 14cb91c 2 API calls 14163->14164 14165 14cbc53 14164->14165 14166 14cb91c 2 API calls 14165->14166 14167 14cbc61 14166->14167 14168 14cb91c 2 API calls 14167->14168 14169 14cbc6f 14168->14169 14170 14bf066 ___free_lconv_mon 2 API calls 14169->14170 14171 14cbc7a 14170->14171 14172 14bf066 ___free_lconv_mon 2 API calls 14171->14172 14173 14cbc85 14172->14173 14174 14bf066 ___free_lconv_mon 2 API calls 14173->14174 14175 14cbc90 14174->14175 14176 14bf066 ___free_lconv_mon 2 API calls 14175->14176 14176->14142 14178 14cb92e 14177->14178 14179 14cb93d 14178->14179 14180 14bf066 ___free_lconv_mon 2 API calls 14178->14180 14179->14146 14180->14178 14181->14066 14182 25329e0 14183 25329f8 14182->14183 14184 2532b03 LoadLibraryA 14183->14184 14186 2532b2c GetProcAddress 14183->14186 14187 2532b48 VirtualProtect VirtualProtect 14183->14187 14184->14183 14186->14183 14189 2532b42 ExitProcess 14186->14189 14188 2532bc0 14187->14188 14190 e3d00a 14201 e3be18 14190->14201 14194 e3d01f 14217 ed2edc 14194->14217 14196 e3d030 14197 e3be18 11 API calls 14196->14197 14198 e3d049 14197->14198 14199 e3c13c 5 API calls 14198->14199 14200 e3d052 14199->14200 14202 e3be41 14201->14202 14203 e3be39 14201->14203 14228 149ff78 RtlAcquireSRWLockExclusive 14202->14228 14211 e3c13c 14203->14211 14205 e3be4b 14205->14203 14233 149fecc 14205->14233 14207 e3be5e 14240 e3be80 RtlInitializeCriticalSection TlsAlloc 14207->14240 14209 e3be6a 14241 149ff27 RtlAcquireSRWLockExclusive 
RtlReleaseSRWLockExclusive RtlWakeAllConditionVariable 14209->14241 14212 e3c153 TlsGetValue 14211->14212 14213 e3c14a 14211->14213 14215 e3c167 TlsSetValue 14212->14215 14216 e3c151 14212->14216 14246 e3c178 14213->14246 14215->14194 14216->14215 14218 ed300b 14217->14218 14222 ed2f33 14217->14222 14220 149ff78 3 API calls 14218->14220 14219 ed2fbf KiUserExceptionDispatcher 14219->14196 14221 ed3015 14220->14221 14221->14222 14224 ed3025 GetModuleHandleA GetProcAddress 14221->14224 14222->14219 14223 ed2f92 GetCurrentThread 14222->14223 14227 ed2fb5 SetThreadDescription 14223->14227 14249 149ff27 RtlAcquireSRWLockExclusive RtlReleaseSRWLockExclusive RtlWakeAllConditionVariable 14224->14249 14226 ed3059 14226->14222 14227->14219 14231 149ff8c 14228->14231 14229 149ff91 RtlReleaseSRWLockExclusive 14229->14205 14231->14229 14242 149ffc7 SleepConditionVariableSRW 14231->14242 14235 149fed1 14233->14235 14234 149feeb 14234->14207 14235->14234 14236 14bbfcd 2 API calls 14235->14236 14237 149feed 14235->14237 14236->14235 14243 14a23ce 14237->14243 14239 14a0ffb 14239->14207 14240->14209 14241->14203 14242->14231 14244 14a2415 KiUserExceptionDispatcher 14243->14244 14245 14a23e8 14243->14245 14244->14239 14245->14244 14247 149fecc 3 API calls 14246->14247 14248 e3c187 14247->14248 14248->14216 14249->14226 14250 f4b829 SetLastError 14251 f4b88c 14250->14251 14257 f4b841 14250->14257 14259 13bf1f8 14251->14259 14260 13bf206 Concurrency::cancel_current_task 14259->14260 14261 14a23ce Concurrency::cancel_current_task KiUserExceptionDispatcher 14260->14261 14262 13bf214 14261->14262 14263 14a5f15 14264 14bf066 ___free_lconv_mon 2 API calls 14263->14264 14265 14a5f2d 14264->14265

                                                          Control-flow Graph

                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?), ref: 02532B13
                                                          • GetProcAddress.KERNELBASE(?,0250CFF9), ref: 02532B31
                                                          • ExitProcess.KERNEL32(?,0250CFF9), ref: 02532B42
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000,00000004,?,00000000), ref: 02532B90
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000), ref: 02532BA5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.000000000250D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                          • String ID:
                                                          • API String ID: 1996367037-0
                                                          • Opcode ID: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction ID: e3938d48c6732bd86530abfcc945211298ba0f09f287c68e92dac619ba0daa5d
                                                          • Opcode Fuzzy Hash: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction Fuzzy Hash: 8C51F572610B125BE7324EB8CCC07A4BB95FB41224F181B38DDE2D72C6E7E45C0687A8

                                                          Control-flow Graph

                                                          APIs
                                                          • GetCurrentThread.KERNEL32 ref: 00ED2FA5
                                                          • SetThreadDescription.KERNELBASE(00000000,?), ref: 00ED2FBD
                                                          • KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,?), ref: 00ED2FEA
                                                          • GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 00ED3031
                                                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 00ED303D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Thread$AddressCurrentDescriptionDispatcherExceptionHandleModuleProcUser
                                                          • String ID: Kernel32.dll$SetThreadDescription
                                                          • API String ID: 2856497764-1724334159
                                                          • Opcode ID: 01b59123dfc7ae6d40198758938e9fa6c03b88356318d18e49ae7fb186bdc5e8
                                                          • Instruction ID: 7171fb12231217c6e80d6120a33685eb81e5147f25c7a5f17aa63ed287f8c0dc
                                                          • Opcode Fuzzy Hash: 01b59123dfc7ae6d40198758938e9fa6c03b88356318d18e49ae7fb186bdc5e8
                                                          • Instruction Fuzzy Hash: E341B1B1D007459FDB20CF54DC48BA9BBB4FB9A320F14835EE865AB391D7744985CB81

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,014AB650,01600388,0000000C), ref: 014BF430
                                                          • SetLastError.KERNEL32(00000000), ref: 014BF4D2
                                                          • GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                          • SetLastError.KERNEL32(00000000,000000FF,00000006), ref: 014BF623
                                                            • Part of subcall function 014BF717: RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 014BF758
                                                            • Part of subcall function 014BF066: RtlFreeHeap.NTDLL(00000000,00000000,?,014CB935,?,00000000,?,?,014CBBD6,?,00000007,?,?,014CBF89,?,?), ref: 014BF07C
                                                            • Part of subcall function 014BF066: GetLastError.KERNEL32(?,?,014CB935,?,00000000,?,?,014CBBD6,?,00000007,?,?,014CBF89,?,?), ref: 014BF087
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$Heap$AllocateFree
                                                          • String ID:
                                                          • API String ID: 2037364846-0
                                                          • Opcode ID: 90d6f8ab0ac74a47d60135fa9e88cb519d0fd87e9e5c9f91ef84f99a4c3297af
                                                          • Instruction ID: 5cb0085b22cb06c63bbaf92fcf41f43704df093b5bfc89347aced5f4e2d090db
                                                          • Opcode Fuzzy Hash: 90d6f8ab0ac74a47d60135fa9e88cb519d0fd87e9e5c9f91ef84f99a4c3297af
                                                          • Instruction Fuzzy Hash: DC514B796053127EE7213A7EACC0DAB364C9F75A64F04013FF61C9A1B2DE38491A8270

                                                          Control-flow Graph

                                                          APIs
                                                          • SetLastError.KERNEL32(00000000), ref: 00F4B834
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00F4B88C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Concurrency::cancel_current_taskErrorLast
                                                          • String ID:
                                                          • API String ID: 523316592-0
                                                          • Opcode ID: 8cab4af46734b375e007fd31db8a58f48e1022d1821ac56a96500b12d8114e74
                                                          • Instruction ID: 60b3087726a993b885f9d95123d3a45a784f5117a1a300c8f512ff7da5d46885
                                                          • Opcode Fuzzy Hash: 8cab4af46734b375e007fd31db8a58f48e1022d1821ac56a96500b12d8114e74
                                                          • Instruction Fuzzy Hash: DA319075A003259FDB20DF69C884A6ABBB9FF98720B050529EE499B711D731FC40CBD0

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(01600388,0000000C), ref: 014AB63E
                                                          • RtlExitUserThread.NTDLL(00000000), ref: 014AB645
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitLastThreadUser
                                                          • String ID:
                                                          • API String ID: 1750398979-0
                                                          • Opcode ID: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction ID: 3468c4b2e2b220af5e3bee3b94d4aaa1ac2a0cb2f9a7761cd8e025ff6a13ab05
                                                          • Opcode Fuzzy Hash: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction Fuzzy Hash: C1F0C2B5A00206DFDB15AFB1C849BAF7BB4EF30A10F55015EE406DB2B2CB345941CBA1

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 219 14bf066-14bf06f 220 14bf09e-14bf09f 219->220 221 14bf071-14bf084 RtlFreeHeap 219->221 221->220 222 14bf086-14bf09d GetLastError call 14a5f3b call 14a5fd8 221->222 222->220
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,014CB935,?,00000000,?,?,014CBBD6,?,00000007,?,?,014CBF89,?,?), ref: 014BF07C
                                                          • GetLastError.KERNEL32(?,?,014CB935,?,00000000,?,?,014CBBD6,?,00000007,?,?,014CBF89,?,?), ref: 014BF087
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 485612231-0
                                                          • Opcode ID: e5821a4ea2546d4e05be0b459bae37e7307c17270b23e362474caf3db11a4b42
                                                          • Instruction ID: 1112e0d9b42796677b999d484ad5e69323254513fd9f5969fa9f5363e02ff070
                                                          • Opcode Fuzzy Hash: e5821a4ea2546d4e05be0b459bae37e7307c17270b23e362474caf3db11a4b42
                                                          • Instruction Fuzzy Hash: 5EE0867250020867DB312BA9EE087D93B9D9B20655F554025F70CDE170D670894087A4

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 227 14a23ce-14a23e6 228 14a23e8-14a23eb 227->228 229 14a2415-14a2437 KiUserExceptionDispatcher 227->229 230 14a240b-14a240e 228->230 231 14a23ed-14a2409 228->231 230->229 232 14a2410 230->232 231->229 231->230 232->229
                                                          APIs
                                                          • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,00000001), ref: 014A242E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: DispatcherExceptionUser
                                                          • String ID:
                                                          • API String ID: 6842923-0
                                                          • Opcode ID: bc682a36c5fed0df6e9949f9e2162df8254097f20aa612d207b2836fbf7555ab
                                                          • Instruction ID: 2c79fca37d681ea37f60dd3ae8615439a7f45185797ce70af5d43f26aa63ffaf
                                                          • Opcode Fuzzy Hash: bc682a36c5fed0df6e9949f9e2162df8254097f20aa612d207b2836fbf7555ab
                                                          • Instruction Fuzzy Hash: 5A0184759002189BDB019F5CD484B9EBFB9EF58610F16416AEA05AB365D7B0D901CB90

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 235 14bf717-14bf722 236 14bf730-14bf736 235->236 237 14bf724-14bf72e 235->237 239 14bf738-14bf739 236->239 240 14bf74f-14bf760 RtlAllocateHeap 236->240 237->236 238 14bf764-14bf76f call 14a5fd8 237->238 244 14bf771-14bf773 238->244 239->240 241 14bf73b-14bf742 call 14be7a5 240->241 242 14bf762 240->242 241->238 248 14bf744-14bf74d call 14bbfcd 241->248 242->244 248->238 248->240
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 014BF758
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 1f7b26de6d0e7d87b4381f3aba53e343c9f92d175a3388434fa2b5273b50c40a
                                                          • Instruction ID: 528b70e07162356a720cf26719f8b2e5ba03a9131833310d6964dcd75bb5c65d
                                                          • Opcode Fuzzy Hash: 1f7b26de6d0e7d87b4381f3aba53e343c9f92d175a3388434fa2b5273b50c40a
                                                          • Instruction Fuzzy Hash: 93F0E93150022576AB216E6E9DC4BDB3B48AF51770B1540A7AD1CEB2B4CA30D40687F0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 807 1457449-145745b LoadLibraryA 808 145745d 807->808 809 145745e-14578e4 GetProcAddress * 63 call 146001b 807->809
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,01457168), ref: 0145744E
                                                          • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0145746B
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0145747D
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0145748F
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 014574A1
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 014574B3
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 014574C5
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 014574D7
                                                          • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 014574E9
                                                          • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 014574FB
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0145750D
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0145751F
                                                          • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01457531
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01457543
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01457555
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01457567
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01457579
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0145758B
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0145759D
                                                          • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 014575AF
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 014575C1
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 014575D3
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 014575E5
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 014575F7
                                                          • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01457609
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                                          • API String ID: 2238633743-2998606599
                                                          • Opcode ID: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction ID: 83d468cc866cb106209045a3448907df60dd8af8f41ffcdcb28a25e61a403dac
                                                          • Opcode Fuzzy Hash: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction Fuzzy Hash: FBB12BB4D84365EECB3B5F76AC4A84A3FA3F784674340C81AA4845A399DF756050DFE0
                                                          APIs
                                                            • Part of subcall function 01456B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0140E59B,00000001,00006060,00000010), ref: 01456B3E
                                                          • GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 0140E6DC
                                                          • CreateThreadpool.KERNEL32(00000000), ref: 0140E6E2
                                                          Strings
                                                          • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0140E605
                                                          • com.freerdp.codec.rfx, xrefs: 0140E530
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                                          • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                                          • API String ID: 3882483829-2530424157
                                                          • Opcode ID: 505245790de18be212945b62d775bcbe3b837ea84ccba3c31557be0a6cc5de8c
                                                          • Instruction ID: 7f3e491de9605c2f0c35b6fefb9c71a3e0982ea4f7dd77f9581cf6ad73d75b9a
                                                          • Opcode Fuzzy Hash: 505245790de18be212945b62d775bcbe3b837ea84ccba3c31557be0a6cc5de8c
                                                          • Instruction Fuzzy Hash: 1641D3B1A00706AFEB249F76CC84B56BBF8FF64600F40443FE509AB2A1DB70D9548B50
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014542FB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                                          • API String ID: 689400697-3301108232
                                                          • Opcode ID: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction ID: 801ee606d2970ab679cd941bf17cfdd0c3af973a1d87d097b2c4991d50f39215
                                                          • Opcode Fuzzy Hash: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction Fuzzy Hash: 591126353803417BEB265A17AC42E2B3F9CF7A5A20F04401ABE00AD1F2E961DA50C760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014543BE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                                          • API String ID: 689400697-3976766517
                                                          • Opcode ID: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction ID: 26e513e13f484987e1d46c8d96563fd422ea28e630b437a1bbeeb9dc246c18a8
                                                          • Opcode Fuzzy Hash: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction Fuzzy Hash: 6011CB753C43457BE7615E57EC06E2B3E9CF765A20F04406AFE00AD1F1E971D9509760
                                                          APIs
                                                          • crypto_cert_fingerprint.GETSCREEN-456311346-X86(?), ref: 013F5E1C
                                                            • Part of subcall function 013F576E: crypto_cert_fingerprint_by_hash.GETSCREEN-456311346-X86(?,sha256), ref: 013F5779
                                                          • crypto_cert_issuer.GETSCREEN-456311346-X86(?), ref: 013F5E30
                                                          • crypto_cert_subject.GETSCREEN-456311346-X86(?,?), ref: 013F5E3A
                                                          • certificate_data_new.GETSCREEN-456311346-X86(?,?,00000000,00000000,00000000,?,?), ref: 013F5E4A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                                          • String ID:
                                                          • API String ID: 1865246629-0
                                                          • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction ID: 1630365d8a9fedded445624c4c2fe7e06189de914b64cf3b9b01536dfad0b12b
                                                          • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction Fuzzy Hash: B2E04F75101209BFDF122F6EDC04C9F7EADEF956E8B14812DBE0856130DA71CD1196A0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Genu$OPENSSL_ia32cap$ineI$ntel
                                                          • API String ID: 0-3767422159
                                                          • Opcode ID: 4af73e1bf3174d3e745fdb0008a19329d2956568c5550d536a3e6835e3551ec9
                                                          • Instruction ID: 4ddcab4acdac3f161ad40712fa9013247d645d0531e928e1cdf84fb9a2eb2120
                                                          • Opcode Fuzzy Hash: 4af73e1bf3174d3e745fdb0008a19329d2956568c5550d536a3e6835e3551ec9
                                                          • Instruction Fuzzy Hash: 9E414FB2F0428E0BEF2C457AEC553BE3585A795364F34623FD916F22C0DB348D828A45
                                                          APIs
                                                          • crypto_base64_encode.GETSCREEN-456311346-X86(015EA688,00000000,00000000,00000000,00000000,?,013F5E4F,?,?,00000000,00000000,00000000,?,?), ref: 01403F7D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: crypto_base64_encode
                                                          • String ID:
                                                          • API String ID: 2528031924-0
                                                          • Opcode ID: 0c62239ba5fdb40ce557b388fb4a95e7a409f1b95b9806772168f75a8a0dda7e
                                                          • Instruction ID: b9682c12368f3bc7a42ffc900c22235fd2fff0db50a231dbceb0800587ab2d4f
                                                          • Opcode Fuzzy Hash: 0c62239ba5fdb40ce557b388fb4a95e7a409f1b95b9806772168f75a8a0dda7e
                                                          • Instruction Fuzzy Hash: F321AE719007039EEB32AF6B885485BBBE8FF74210715483FBA859A6F0EA31D4408B90
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 014A62AD
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 014A62B7
                                                          • UnhandledExceptionFilter.KERNEL32(013C259A,?,?,?,?,?,00000000), ref: 014A62C4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                          • String ID:
                                                          • API String ID: 3906539128-0
                                                          • Opcode ID: 700570eabd1564773fc222f61ae5108149f32f5eda101b286a763409b771ed7f
                                                          • Instruction ID: 5bdddfb3479df31a7afae34aee268dd97e73d0805f9d56c2804639182f387739
                                                          • Opcode Fuzzy Hash: 700570eabd1564773fc222f61ae5108149f32f5eda101b286a763409b771ed7f
                                                          • Instruction Fuzzy Hash: 0F31D67590122D9BCB21DF29D8887CDBBF8BF18710F5141EAE41CA72A0EB749B858F44
                                                          APIs
                                                          • crypto_cert_subject.GETSCREEN-456311346-X86(?), ref: 013F5B42
                                                          • crypto_cert_issuer.GETSCREEN-456311346-X86(?,?), ref: 013F5B4C
                                                          • crypto_cert_fingerprint.GETSCREEN-456311346-X86(?,?,?), ref: 013F5B56
                                                            • Part of subcall function 013F576E: crypto_cert_fingerprint_by_hash.GETSCREEN-456311346-X86(?,sha256), ref: 013F5779
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: crypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                                          • String ID:
                                                          • API String ID: 727492566-0
                                                          • Opcode ID: fb15e757cac61d0c3a82461cea743c023acd0ce0490d80cb99ec987184bd0880
                                                          • Instruction ID: af7f197a8488d486dc2eafd60103366f7b125bc8f952512833476b75c96cf33f
                                                          • Opcode Fuzzy Hash: fb15e757cac61d0c3a82461cea743c023acd0ce0490d80cb99ec987184bd0880
                                                          • Instruction Fuzzy Hash: 69115E7570430367FE35AA7E9C15F1A2BCC9F206B8F14841DFA00EA2D1EE25D94046A4
                                                          APIs
                                                          • crypto_cert_fingerprint_by_hash.GETSCREEN-456311346-X86(?,sha256), ref: 013F5779
                                                            • Part of subcall function 013F5782: crypto_cert_hash.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,013F577E,?,sha256), ref: 013F5792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: crypto_cert_fingerprint_by_hashcrypto_cert_hash
                                                          • String ID: sha256
                                                          • API String ID: 2885152359-1556616439
                                                          • Opcode ID: eabc03aedf017e8b2c5a18ff4aed698d6830a473bfe7258231309fefe7657da6
                                                          • Instruction ID: 801cca52ccd2ce9f02b45100b6c03bc94054e65b6cdc9adb716a74a67778714b
                                                          • Opcode Fuzzy Hash: eabc03aedf017e8b2c5a18ff4aed698d6830a473bfe7258231309fefe7657da6
                                                          • Instruction Fuzzy Hash: 75A0222000830CBBCA003A2BCC02C0A3E0CAB00882B000028BB002A0228BA2AA0200C0
                                                          APIs
                                                          • crypto_cert_hash.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,013F577E,?,sha256), ref: 013F5792
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: crypto_cert_hash
                                                          • String ID:
                                                          • API String ID: 1547982073-0
                                                          • Opcode ID: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                                          • Instruction ID: 5f6e198730fa2733e3f5df3549c34f350f76f4d77ef77e1f039b3b35f1ce44b1
                                                          • Opcode Fuzzy Hash: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                                          • Instruction Fuzzy Hash: F9C09BB501010CBFEF065FC5CC45CEF7B6DEB04150B008115BA0445111F671BF1457B0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                                          • Instruction ID: 41d20f375da1037704c38e79147fcee06aedc98781e33e7ede42fe1ee3945f07
                                                          • Opcode Fuzzy Hash: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                                          • Instruction Fuzzy Hash: 4EF05E3261460DBAFB61AB99DC45E9B7BACDB406A8F14402AFB096A150D6719D009AA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6911bbc7fba7bfa37f80c93ec724258e6ef59d0887fd888df80782c64390920e
                                                          • Instruction ID: 5cbbd405c2bacaa50c93c21532abda7a5c5f0929931b786e123565e0f5518846
                                                          • Opcode Fuzzy Hash: 6911bbc7fba7bfa37f80c93ec724258e6ef59d0887fd888df80782c64390920e
                                                          • Instruction Fuzzy Hash: C3E1C269C2DFD945E323573EA40326BE7A46FFB288F50EB1BBDD431C21EB6142456209
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0ce49d169abef2473bf176f5e96bb3a5011affb070f4c6915af0b290887c582f
                                                          • Instruction ID: d1527d7b0573ab2766f3e827f659d4a01c5372f3538179e48f36ad8a9b82199b
                                                          • Opcode Fuzzy Hash: 0ce49d169abef2473bf176f5e96bb3a5011affb070f4c6915af0b290887c582f
                                                          • Instruction Fuzzy Hash: D8A19E21C19FC546F70B7B355447260E330AFF3288B50EB06FDA178967EB61B6D85262
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6dffa5587db8dbf416fcc9094aec526d2278cff551d5ccb723d69df6c2a7dc64
                                                          • Instruction ID: e5f0f0b288c8847fe4ef3dff559c88ff7cff361a499efc2a02b77a470f2d1dba
                                                          • Opcode Fuzzy Hash: 6dffa5587db8dbf416fcc9094aec526d2278cff551d5ccb723d69df6c2a7dc64
                                                          • Instruction Fuzzy Hash: BD81CF21D18BC582E7228F3C94426AAF3A0BFD6318F54E719EDD476192FB71A6C58381
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23e0129a137a0c8fa706e72d5ffe065b280fddc9d007253371bac9054ba57163
                                                          • Instruction ID: 71b59c564ce4cc05b52e4929c99c636bdc8a1b83a3387d8ef1d1413e3edb5ed3
                                                          • Opcode Fuzzy Hash: 23e0129a137a0c8fa706e72d5ffe065b280fddc9d007253371bac9054ba57163
                                                          • Instruction Fuzzy Hash: 953139666087C01FD31E8F2D88646657FE55B5A000F4D84AEE8EACF343E430E60AD721
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2a393e18e96e22232b1a8b6bc9d7aa5108758d654bbf380689cd5f10572be9e
                                                          • Instruction ID: 6545829013206b78c1a1b37e3ac8e678f9002fcba3e5818e3fb8163e17f746d0
                                                          • Opcode Fuzzy Hash: c2a393e18e96e22232b1a8b6bc9d7aa5108758d654bbf380689cd5f10572be9e
                                                          • Instruction Fuzzy Hash: 87514371C21B8287E261AB31CD54793B7A1BFB5304F259B2EE5DE21170FBB171E48A81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                                          • Instruction ID: 8a5c75aa3c2f07df8d3692de07c762df96bced6fa050bfd0258d069ce0e3018f
                                                          • Opcode Fuzzy Hash: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                                          • Instruction Fuzzy Hash: DC212424C1CF4941D7236B79B8432BAA7906FE6348F51FB15F8E83D952FB24468461D1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                                          • Instruction ID: 3e4aa2ddb2d8e81c8354a7a9abd9c0855dd406e35942f766b766150b3b172115
                                                          • Opcode Fuzzy Hash: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                                          • Instruction Fuzzy Hash: DD1151D9C2AF7A06E713633B5D42242DA105EF7989550D347FCB439D61F701B5C17210
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide
                                                          • String ID:
                                                          • API String ID: 626452242-0
                                                          • Opcode ID: 24bd64fee33e050f7a4bbbab62bc4f07e94b1ee1ba128e556050d8e682d625f4
                                                          • Instruction ID: 8279ad55957d5a36947ccd0fcf7f9acc27e986bb3c6b3e708546d847a0ec51c4
                                                          • Opcode Fuzzy Hash: 24bd64fee33e050f7a4bbbab62bc4f07e94b1ee1ba128e556050d8e682d625f4
                                                          • Instruction Fuzzy Hash: EE015275A0020DABDB08DFAADC51DFEB7B9EBD8320F40812EE91597290EA705904CB60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67ac5ee430e72d2826c8efcc3335db81beda64fc33797bbf329b00ea593486b0
                                                          • Instruction ID: 34b9dad3e04972e154afe56145eaff68b7907608a049c57e1caf80f1fc48c102
                                                          • Opcode Fuzzy Hash: 67ac5ee430e72d2826c8efcc3335db81beda64fc33797bbf329b00ea593486b0
                                                          • Instruction Fuzzy Hash: 8BF0B4B2D00129AFDF05FBA8CC068BFB7BCEF14218F10046EEA12A7151EA709A148790
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 202264b495aea57bf335de0fcf60fb4b08f6b7c1e9d1d4bceccd79822d03eebf
                                                          • Instruction ID: 564047422918e9ef29ede17884fa33680939df3279c74702ad9765c95789a1b0
                                                          • Opcode Fuzzy Hash: 202264b495aea57bf335de0fcf60fb4b08f6b7c1e9d1d4bceccd79822d03eebf
                                                          • Instruction Fuzzy Hash: 4BE0D83200561AFACB122E0DED409AF3F59FFE22B6F15042EFB482B0508B31B481CAD1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfd3501ae8cc7d54b5b6039e73c4159469e4ee806065cc444d8108c8b9717388
                                                          • Instruction ID: 266dc8697288507b0d02c753007084f0e980406355c126087dd8869f7ade4f1a
                                                          • Opcode Fuzzy Hash: cfd3501ae8cc7d54b5b6039e73c4159469e4ee806065cc444d8108c8b9717388
                                                          • Instruction Fuzzy Hash: A1E086357167159F9F15CE69C810D6B77E5BF456003548469ED8DDB320D370E8038B80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4c920fcbb8b362c6c414a7613c8428d6942e7fb65bc5c0d3cec4812cbf3b80f8
                                                          • Instruction ID: 8a5c385147671e74d99009fe4b1a73fe3efc6822b34cb5f3817f16bc93c72f66
                                                          • Opcode Fuzzy Hash: 4c920fcbb8b362c6c414a7613c8428d6942e7fb65bc5c0d3cec4812cbf3b80f8
                                                          • Instruction Fuzzy Hash: 3BD05E3265020D6BEF099EE8AC05D7A379DEF44618B0844ADFE1C87511E236D870AA90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 92904718c7774d80baf37b01db223b482aa12a3400e7c889efefc14f73fae5f7
                                                          • Instruction ID: fef85accd2cdf2d42be0145860a0201e48621a0d1763f805cb462a3b52cabe82
                                                          • Opcode Fuzzy Hash: 92904718c7774d80baf37b01db223b482aa12a3400e7c889efefc14f73fae5f7
                                                          • Instruction Fuzzy Hash: 1BE0C22A5092A787C320495D50004E7FFA9AEF9598324C5AADFE85B3068020E94143F0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4a5700dd9c090860e746394635df8148f9f381a8a4f8febb47ad15a4feb3c59
                                                          • Instruction ID: 4dabaff80a36143439bbd1f6c38f48b780258db5244d4afb721c33bd965015e2
                                                          • Opcode Fuzzy Hash: b4a5700dd9c090860e746394635df8148f9f381a8a4f8febb47ad15a4feb3c59
                                                          • Instruction Fuzzy Hash: AAD0123291D63536E9217669AC03ECB398DCB42AB4F100355BD26751D5E991990150E0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 020cacdd8480cb7acb5a33face7ae5f67d8364c27b2bc5f228b0cde8383a0b65
                                                          • Instruction ID: ee6d95f8e2a2050bfc90e842625d0111103db8b03d74e8ff32a3654f11f605ea
                                                          • Opcode Fuzzy Hash: 020cacdd8480cb7acb5a33face7ae5f67d8364c27b2bc5f228b0cde8383a0b65
                                                          • Instruction Fuzzy Hash: 62D0927204420EBBCF022ECADC02DEA3F6AAB196A4F448054FF1805531D673D571ABD5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 412aa2e350dc295519245b494b04e34cd458883511249ab4c5f460d8d2a94c20
                                                          • Instruction ID: 3f15b46dce98ada4849ab39604381f676b58fdb89af72b57498342a44c0ab19a
                                                          • Opcode Fuzzy Hash: 412aa2e350dc295519245b494b04e34cd458883511249ab4c5f460d8d2a94c20
                                                          • Instruction Fuzzy Hash: B0D0223200222E36EA2025E9A801FDA3B4CCB10AB8F804016FF0C6E180C870880103E0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a874a97c1a0f1350a0a091136a2aa511b6a6aa38adc0722bbc87292597935bc
                                                          • Instruction ID: 235c0da599d33a75acc42e9e54b3be1debdffab746b7547b012acd9b7d4a3936
                                                          • Opcode Fuzzy Hash: 0a874a97c1a0f1350a0a091136a2aa511b6a6aa38adc0722bbc87292597935bc
                                                          • Instruction Fuzzy Hash: 3AD06C3200420EBBCF025E85CC018AA3F6AAB19290B008014FB14004218A33D431AB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b33c3aab66a815c7681d875883d497a3ed4b338a17aabc1ba10642374f71ba6f
                                                          • Instruction ID: cab5480e12fe7b123bd2f7e34de6c83c9968a44ea0656c67c3a4b4a03cd658ad
                                                          • Opcode Fuzzy Hash: b33c3aab66a815c7681d875883d497a3ed4b338a17aabc1ba10642374f71ba6f
                                                          • Instruction Fuzzy Hash: FAC012A044021D7AEF00F6A9CC0BDBF7A6CAB00604F800418BB1061041E670951546A0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                                          • Instruction ID: e1a697a0c5b83de9356539697cd277863bf61e7ddadf795bbcc67a2c8d6d06dc
                                                          • Opcode Fuzzy Hash: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                                          • Instruction Fuzzy Hash: F8C09B3250123877DD116D49E401D99FF9C9E01AB57054469FF487711645526C5056D4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                                          • Instruction ID: f157f12614a43b5bcbb063756f76a07def3413bd7d4ca1ff4403574980277ce0
                                                          • Opcode Fuzzy Hash: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                                          • Instruction Fuzzy Hash: B7C0027104420DABDF029F96EC018993B6AEF55264B004065FD580A261D633A9719B96
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                                          • Instruction ID: 7a2a89d2d99da91384ce15823d9df34815865e5b4f62f9540990591ec378261a
                                                          • Opcode Fuzzy Hash: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                                          • Instruction Fuzzy Hash: A7B0123241C31C3ADD043AE5FC038CA3BCDCB609B4710501AFD0C15051AD33B45010DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                                          • Instruction ID: 384dfe22a8fd1d20983618d188ad50a10a1750c5d5599b2f4ad87164f9308ddd
                                                          • Opcode Fuzzy Hash: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                                          • Instruction Fuzzy Hash: 03B09231004238BB4722AA9A8809C8B7FACEB06AA07000100BD48571118A30A90196E9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                                          • Instruction ID: 3f48dc9640acbd74502f4fe9d3d90adcd01a424396e9f6a07c61780425eeba41
                                                          • Opcode Fuzzy Hash: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                                          • Instruction Fuzzy Hash: 9AC09BB48053095AC640F7F9850AC5F7AEC9F01740F55442559D452142DA74D544C7B3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                                          • Instruction ID: 713313d1c2843f29decc88c177593251520bde7d97c3905c8f1a1143576fbbcf
                                                          • Opcode Fuzzy Hash: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                                          • Instruction Fuzzy Hash: 47A0113000020C33CA003FAACC028CB3A8C8A222C0B008020BA08820228A22A80000FC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                                          • Instruction ID: d0ac29f65c80061345a9e5f875dd47896a637078251c1722b9a3099e192246ad
                                                          • Opcode Fuzzy Hash: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                                          • Instruction Fuzzy Hash:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                                          • Instruction ID: f9d93bb6050abece768ba640a33519d1f25643404e4c276bdb386cb4d050c773
                                                          • Opcode Fuzzy Hash: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                                          • Instruction Fuzzy Hash:

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 914 14414e3-14414fb 915 1441501-1441509 914->915 916 14416dd 914->916 915->916 918 144150f-1441523 freerdp_error_info 915->918 917 14416df-14416e3 916->917 919 14416e4-14416f0 918->919 920 1441529-144152f 918->920 921 14416f2-14416f9 call 144e717 919->921 922 14416fe-144170a call 144e9a3 919->922 920->916 923 1441535-144153c 920->923 921->922 933 1441710-1441736 call 144ed82 922->933 934 144158e-1441595 922->934 926 144154e-144155a call 144e9a3 923->926 927 144153e-1441549 call 144e717 923->927 936 144155c-1441586 freerdp_get_error_info_string call 144ed82 926->936 937 1441589 926->937 927->926 933->934 934->916 938 144159b-14415a3 934->938 936->937 937->934 941 14415a5-14415ad 938->941 942 14415b3-14415ba 938->942 941->916 941->942 945 14415bc-14415c3 call 144e717 942->945 946 14415c8-14415d4 call 144e9a3 942->946 945->946 951 14415d6-14415fd call 144ed82 946->951 952 1441600-1441609 freerdp_reconnect 946->952 951->952 954 144160f-144161c freerdp_get_last_error 952->954 955 144173b-144173e 952->955 957 144161e-1441625 954->957 958 144166b 954->958 955->917 960 1441627-144162e call 144e717 957->960 961 1441633-144163f call 144e9a3 957->961 959 144166d-1441671 958->959 962 1441673-144167a 959->962 963 144167c-1441688 Sleep 959->963 960->961 971 1441667 961->971 972 1441641-1441664 call 144ed82 961->972 962->916 962->963 963->959 966 144168a-144168e 963->966 966->938 970 1441694-144169b 966->970 973 144169d-14416a4 call 144e717 970->973 974 14416a9-14416b5 call 144e9a3 970->974 971->958 972->971 973->974 974->916 981 14416b7-14416da call 144ed82 974->981 981->916
                                                          APIs
                                                          • freerdp_error_info.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441519
                                                          • freerdp_get_error_info_string.GETSCREEN-456311346-X86(00000000,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144155D
                                                          • freerdp_reconnect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441601
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441611
                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144167E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Sleep$freerdp_error_info$freerdp_get_error_info_string$freerdp_get_last_error$freerdp_reconnect
                                                          • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                                          • API String ID: 968149013-2963753137
                                                          • Opcode ID: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction ID: e5226e1ebe6845ab5bee082131f0aefef12c1a98623fca16d043a9162a0ad16a
                                                          • Opcode Fuzzy Hash: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction Fuzzy Hash: 9051BA71740306B7FF226A2AEC52F6A2B98BB20F24F18401FF604FA2D1DA75D5D14755
                                                          APIs
                                                          • gdi_get_pixel_format.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140A8B3
                                                          • gdi_free.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140AA40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_free$gdi_get_pixel_format
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                                          • API String ID: 1251975138-534786182
                                                          • Opcode ID: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction ID: a6a2f6e96402a035eb04299c68f128198f43fdf05f281c5f424821c8b48822e6
                                                          • Opcode Fuzzy Hash: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction Fuzzy Hash: DA418675600703AFDB16AF3ADC41B5A77E5BF24214F14843EF5589B2E1EF31A8918B50
                                                          APIs
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,?), ref: 01446D79
                                                          • _strlen.LIBCMT ref: 01446DF4
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446E1D
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446F6F
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01447044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_device_collection_add$_strlen
                                                          • String ID: drive$parallel$printer$serial$smartcard
                                                          • API String ID: 2230162058-807955808
                                                          • Opcode ID: 65b452796d6976b7a0ff73de83e38e22a9ce7a7ac6eb3270211f3155d6c5428d
                                                          • Instruction ID: 6302e73b6f82dfc24ceabf1e6b7b7fc2ba88ee376254cd675c39dfc39cfafee2
                                                          • Opcode Fuzzy Hash: 65b452796d6976b7a0ff73de83e38e22a9ce7a7ac6eb3270211f3155d6c5428d
                                                          • Instruction Fuzzy Hash: 88B1B3715042039BEF15AF1AC85199E7BA5FF36310B16806FF9049F272EF32D9528B90
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0F64
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0F79
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                                          • API String ID: 3168844106-1571615648
                                                          • Opcode ID: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction ID: 0d002d4934c931f47bb84ec789f9e10d089ffabf4e35f384b9b5caa766507741
                                                          • Opcode Fuzzy Hash: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction Fuzzy Hash: 5B41E772A44306ABEB19EF6AEC45B597BE8FF18B28F10401DF618FB191DB74A500CB54
                                                          APIs
                                                          • freerdp_settings_free.GETSCREEN-456311346-X86(00000000), ref: 013D7326
                                                            • Part of subcall function 013D7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 013D7FCC
                                                            • Part of subcall function 013D7F9B: freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000680,?), ref: 013D7FFC
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(00000000,00000086,?), ref: 013D6D8C
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(00000000,00001446,00000001), ref: 013D7177
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(00000000,00001447,00000003), ref: 013D718F
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(00000000,00001448,00000005), ref: 013D71A7
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(00000000,00001449,00000002), ref: 013D71BF
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(00000000,0000144A,00002328), ref: 013D71DA
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(00000000,0000144D,00003A98), ref: 013D71F5
                                                          Strings
                                                          • C:\Windows\System32\mstscax.dll, xrefs: 013D6F3F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_uint32$freerdp_settings_set_string$ComputerNamefreerdp_settings_freefreerdp_settings_set_bool
                                                          • String ID: C:\Windows\System32\mstscax.dll
                                                          • API String ID: 2536960967-183970058
                                                          • Opcode ID: fcab43a9336888492c7597d66e7720ff3613461c7f069cd49bf177c7ffbd4f65
                                                          • Instruction ID: d9693adf219c905bec8f9fb41686ebbb6fc0c821db99192c686d0bd4090ffabc
                                                          • Opcode Fuzzy Hash: fcab43a9336888492c7597d66e7720ff3613461c7f069cd49bf177c7ffbd4f65
                                                          • Instruction Fuzzy Hash: 4412FDB1504B019EE324DF39D885B97BBE4FF18315F50492EE5AEC7290DBB1A640CB58
                                                          APIs
                                                          • _strlen.LIBCMT ref: 014042FA
                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01404320
                                                          • GetFileSize.KERNEL32(00000000,?), ref: 0140433A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreateSize_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 2645226956-2916857029
                                                          • Opcode ID: 71b3e0884025c80e825bacb09b4321318977eefe4fc2e2c24c285fde64edf8e2
                                                          • Instruction ID: d8899b85d9687a786da8ff493a3d36b346e2446114c149bbc88ed3559c554dc8
                                                          • Opcode Fuzzy Hash: 71b3e0884025c80e825bacb09b4321318977eefe4fc2e2c24c285fde64edf8e2
                                                          • Instruction Fuzzy Hash: F35153B1900215AEEB129FB6DC44ABF77BCEF15620F14453BFA01E62A1EB3599008764
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0D92
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0DB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                                          • API String ID: 3168844106-4217659166
                                                          • Opcode ID: cd3466c95b9fec816947f74933e0db0e66dc0be952435681c3c177b3b443e94e
                                                          • Instruction ID: 0d19da1515175b0b90ab52fbbd88d780f996f3dcda00779837500d75b15d2594
                                                          • Opcode Fuzzy Hash: cd3466c95b9fec816947f74933e0db0e66dc0be952435681c3c177b3b443e94e
                                                          • Instruction Fuzzy Hash: 33518272A40306AFEB24EF6AEC49F597BE4FB14B64F10401EF644BB291DB74A500CB58
                                                          APIs
                                                          Strings
                                                          • YUV buffer not initialized! check your decoder settings, xrefs: 014D5F1A
                                                          • avc444_ensure_buffer, xrefs: 014D5F1F
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 014D5F24
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                                          • API String ID: 733272558-18228272
                                                          • Opcode ID: 8d115e4089e066f20146cf4530721cbab0e6b663dd97ef2d1e8b58749af8e55d
                                                          • Instruction ID: 01f7f22a218bf687f80bc3fb9749d87cc904d45ea46a52483dfc6154247a3b55
                                                          • Opcode Fuzzy Hash: 8d115e4089e066f20146cf4530721cbab0e6b663dd97ef2d1e8b58749af8e55d
                                                          • Instruction Fuzzy Hash: 5841AE71600302AFEF249F2ACCA1A56BBF5FF24214F14887FE6868E670D671E851CB50
                                                          APIs
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,00000400,00000001), ref: 014D3B87
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000401,00000000), ref: 014D3BB7
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000404,?), ref: 014D3BDB
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000402,00000000), ref: 014D3BFA
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000014,?), ref: 014D3C12
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,000006C1,?), ref: 014D3C2B
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000403,?), ref: 014D3C44
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000015,00000000), ref: 014D3C60
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,00000013,?), ref: 014D3C82
                                                          • freerdp_target_net_addresses_free.GETSCREEN-456311346-X86(?), ref: 014D3C93
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                                          • String ID:
                                                          • API String ID: 949014189-0
                                                          • Opcode ID: 6cef6dd10707ff90aaa457e2c58685527288738f0f1d639d76a365eb69d9ad72
                                                          • Instruction ID: ad28fdd1ddddb83837d7475fb72bceb3b3c1e53b4ffa8c6d7c95b76d11d8c3dc
                                                          • Opcode Fuzzy Hash: 6cef6dd10707ff90aaa457e2c58685527288738f0f1d639d76a365eb69d9ad72
                                                          • Instruction Fuzzy Hash: 1C41C3B1A00716BBFB219F38DC58F967BD4BF14304F04002AEB05966E1E772E462CB96
                                                          APIs
                                                            • Part of subcall function 01455CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01481701,00000001), ref: 01455CF9
                                                          • zgfx_context_new.GETSCREEN-456311346-X86(00000000), ref: 01481874
                                                            • Part of subcall function 014D693A: zgfx_context_reset.GETSCREEN-456311346-X86(00000000,00000000,00000000,?,01481879,00000000), ref: 014D6964
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                                          • API String ID: 3732774510-3243565116
                                                          • Opcode ID: 5cfa2bbb10412cdca9967e9e7285681b793c9fc64667f155471211497470f0c2
                                                          • Instruction ID: 54c0e417ac7576f02a14dd4a1c89ad873147b1a984cb13a1a0934733f347cba9
                                                          • Opcode Fuzzy Hash: 5cfa2bbb10412cdca9967e9e7285681b793c9fc64667f155471211497470f0c2
                                                          • Instruction Fuzzy Hash: 3271A8746947036FE324AF6A9C42B5A77D8FF35A24F10402FF505AB7A0EB74A442CB84
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8B2
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                                          • API String ID: 1431749950-225596728
                                                          • Opcode ID: eca99d403f79b1afe87cdad4251e8183aadf6a48af8f9ae44de592a387715a27
                                                          • Instruction ID: c0da88dfa3fba6c8a61a4f38c54ddb40546a5f9f170b298156cfb94ba7c53ab3
                                                          • Opcode Fuzzy Hash: eca99d403f79b1afe87cdad4251e8183aadf6a48af8f9ae44de592a387715a27
                                                          • Instruction Fuzzy Hash: 1921363A2883136AB2657277AC5AE3F0B58FBB2874395002FF105B90E1EEB4840142B1
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013D48D9
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 013D498F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_set_last_error_ex
                                                          • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                                          • API String ID: 270715978-29603548
                                                          • Opcode ID: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction ID: ddfce339aa7d813d48897b1a0c9e789906fadbd9cdda00000164fdea492be788
                                                          • Opcode Fuzzy Hash: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction Fuzzy Hash: FC21EAB3A40305B7EB106A5AEC46FEB7F68BB11A18F04405EFD087E181EAB09540CAA1
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D58FA
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000001,00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D5902
                                                          • audio_format_compatible.GETSCREEN-456311346-X86(014D5425,?,?,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D594D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string$audio_format_compatible
                                                          • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                                          • API String ID: 204136587-155179076
                                                          • Opcode ID: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction ID: 0bc40f687a41c31b6a261efadedb60204b85edba31578a68adea34d755a09cb9
                                                          • Opcode Fuzzy Hash: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction Fuzzy Hash: AE21CBB2AC43026AFA245B6AAC66F7723E8AB35674F10001FFB44EE1D0F971A4414269
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(secur32.dll,?,01454AEC), ref: 01454B18
                                                          • LoadLibraryA.KERNEL32(security.dll,?,01454AEC), ref: 01454B28
                                                          • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01454B42
                                                          • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01454B51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                                          • API String ID: 2574300362-4081094439
                                                          • Opcode ID: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction ID: e83fbe2b0f4a28122cc68ab774060f5c66925c26af8b1b2e8e04a021b24a5641
                                                          • Opcode Fuzzy Hash: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction Fuzzy Hash: 87F08977D50366979767EBBEBC0091B3EE8AB885603094257DC44DB219FE71D8418FA0
                                                          APIs
                                                          • ber_read_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E502A
                                                          • ber_read_length.GETSCREEN-456311346-X86(?,?), ref: 013E503F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ber_read_lengthber_read_universal_tag
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                                          • API String ID: 3186670568-2454464461
                                                          • Opcode ID: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction ID: 775f3f16fd2e32ff0f1c9e73508a0feda40099f63b4c241244c4e3901400bb4c
                                                          • Opcode Fuzzy Hash: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction Fuzzy Hash: 2A4146B57043219BEF219E2ACC85B293BE5EF6162DF04816EF555AA2C5E638E500CB60
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,?), ref: 01429C6E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: region16_rects
                                                          • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                                          • API String ID: 844131241-2640574824
                                                          • Opcode ID: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction ID: 7fb2c620f2a44eefe405eb775ee1ece780a5a2dd81906016c23d01bbd6cb2dbc
                                                          • Opcode Fuzzy Hash: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction Fuzzy Hash: 7D31E6B178071276FB31AB5AEC43F7622C9FB24B25F60011FF504AD2D0EEB599815351
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C14
                                                          • clearChannelError.GETSCREEN-456311346-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C1B
                                                            • Part of subcall function 013C26E1: ResetEvent.KERNEL32(?), ref: 013C270A
                                                            • Part of subcall function 013D8142: ResetEvent.KERNEL32(?,?,013C2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013D814E
                                                          Strings
                                                          • ConnectionResult, xrefs: 013C3077
                                                          • freerdp, xrefs: 013C3062
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2BFC
                                                          • freerdp_connect, xrefs: 013C2C01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                                          • API String ID: 3632380314-3564821047
                                                          • Opcode ID: 8ec127fcccf9d7c1cd53d1a0c625d4b1bc10762e64316ff9949b034f6ca43f00
                                                          • Instruction ID: 0e745c90664920119629e9bd174fb47e4af4ab1ce1ed60466c94ad93ace6b1a6
                                                          • Opcode Fuzzy Hash: 8ec127fcccf9d7c1cd53d1a0c625d4b1bc10762e64316ff9949b034f6ca43f00
                                                          • Instruction Fuzzy Hash: 7B31B071A00206AFEB10DF7DD884BAABBE8BF18748F14406DE904DB291DB719D54CB50
                                                          APIs
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5415
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000001,?,00000002,00000000), ref: 013E541D
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5440
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000002,?,00000002,00000000), ref: 013E5448
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ber_write_lengthber_write_universal_tag
                                                          • String ID:
                                                          • API String ID: 1889070510-0
                                                          • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction ID: c7e4b95c60e65e236a67edd6ef961486f496aafaec9b1832bbdd8e26500e2378
                                                          • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction Fuzzy Hash: FD21D639301764EFDB125B08CD45B5A77E5EF21B0DF058459F94B6BAC2C271AA01CFA1
                                                          APIs
                                                          • glyph_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB79
                                                          • brush_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB86
                                                          • pointer_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB94
                                                          • bitmap_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBA2
                                                          • offscreen_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBB0
                                                          • palette_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBBE
                                                          • nine_grid_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBCC
                                                          • cache_free.GETSCREEN-456311346-X86(00000000), ref: 013ECBDE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                                          • String ID:
                                                          • API String ID: 2332728789-0
                                                          • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction ID: 931d3088dd2e05e2c8aa24e4c96dcc0cd4bf361fb840555baa5f6e6bae05a92b
                                                          • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction Fuzzy Hash: 3101D636148B279AFB25AA7E9854D7F7FEC8F52978710443FE580D69C0EF20D001A270
                                                          APIs
                                                          • region16_init.GETSCREEN-456311346-X86(?), ref: 0140F58A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: region16_init
                                                          • String ID:
                                                          • API String ID: 4140821900-0
                                                          • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction ID: 65a494be31e174ec0db6009bad5333930b4155cf5084c150f2ceab2002361bdc
                                                          • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction Fuzzy Hash: B8516E72D0022A9BDB15DFAAC8809EEBBF9FF58304F04452EF519E7290E7359945CB60
                                                          APIs
                                                          • gdi_CreateCompatibleDC.GETSCREEN-456311346-X86(?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?,?,?,?,?,0140A899), ref: 0140AAE7
                                                          • gdi_CreateCompatibleBitmap.GETSCREEN-456311346-X86(?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB0E
                                                          • gdi_CreateBitmapEx.GETSCREEN-456311346-X86(?,?,?,?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB2A
                                                          • gdi_SelectObject.GETSCREEN-456311346-X86(?,?), ref: 0140AB60
                                                          • gdi_CreateRectRgn.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000), ref: 0140ABA5
                                                          • gdi_DeleteObject.GETSCREEN-456311346-X86(?), ref: 0140AC39
                                                          • gdi_DeleteDC.GETSCREEN-456311346-X86(?), ref: 0140AC48
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                                          • String ID:
                                                          • API String ID: 412453062-0
                                                          • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction ID: 63cce1f074c9c2ece95f02c5a47f327dcea178baf18e8a1846ec8f6c2618cfc9
                                                          • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction Fuzzy Hash: 2A5128752007059FD725DF2AC884EA6BBE0FF2C310B1545BEE98A8BB61E771E8418F40
                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 014A22A7
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 014A22AF
                                                          • _ValidateLocalCookies.LIBCMT ref: 014A2338
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 014A2363
                                                          • _ValidateLocalCookies.LIBCMT ref: 014A23B8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 1170836740-1018135373
                                                          • Opcode ID: 0f4fad44406505715e815860e89266c389014aab14832defa9da56f084f02bce
                                                          • Instruction ID: 0f21878e98f0c09df20799279e89ca970f70fc772c310d7ae346a63949866937
                                                          • Opcode Fuzzy Hash: 0f4fad44406505715e815860e89266c389014aab14832defa9da56f084f02bce
                                                          • Instruction Fuzzy Hash: 8B41D434A00209AFCF10DF69C880E9FBFB4AF66314F95805AE9199B361C771EA45CB91
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01456939,?,?,?,?,01456A0A,?), ref: 0145EABD
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EAE7
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB14
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB37
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                                          • API String ID: 1431749950-2760771567
                                                          • Opcode ID: a0c9d86456e2548325667fa3a8785702a909faa9e5a15d20ee358fd535c415b9
                                                          • Instruction ID: f032d0a4054cd2d9d44dea8f28ec7f1cce16725b61798384a81de61c16fc6368
                                                          • Opcode Fuzzy Hash: a0c9d86456e2548325667fa3a8785702a909faa9e5a15d20ee358fd535c415b9
                                                          • Instruction Fuzzy Hash: 4B31D471A05612BB9765AB6A994886FFF68FF60669310001FFD01BB622DB309A11C7B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48F0A
                                                          • GetLastError.KERNEL32 ref: 00E48F38
                                                          • TlsGetValue.KERNEL32 ref: 00E48F46
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48F4F
                                                          • RtlAcquireSRWLockExclusive.NTDLL(01681284), ref: 00E48F61
                                                          • RtlReleaseSRWLockExclusive.NTDLL(01681284), ref: 00E48F73
                                                          • TlsSetValue.KERNEL32(00000000,?,?,00000000,00E2B080), ref: 00E48FB5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                          • String ID:
                                                          • API String ID: 389898287-0
                                                          • Opcode ID: 012583cfdf3007be476b30366abbec4ae17231032181e8a685c1862b9fd3ce56
                                                          • Instruction ID: fad47223a4868ff03d85b04c58cac2e6c68784c46ffecd15b43261177da04362
                                                          • Opcode Fuzzy Hash: 012583cfdf3007be476b30366abbec4ae17231032181e8a685c1862b9fd3ce56
                                                          • Instruction Fuzzy Hash: B9214370B00209AFDB206FA5FD08BAE3BA9FF16700F485025FC05EA250DB319814CBA1
                                                          APIs
                                                          • socket.WS2_32(00000002,00000002,00000011), ref: 0145F673
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F68A
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F6AB
                                                          • closesocket.WS2_32(?), ref: 0145F6E6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$closesocketsocket
                                                          • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                                          • API String ID: 65193492-3368084233
                                                          • Opcode ID: 7aa08d156c69dec363deceef28d82dd9e405294da3c93148e69d49e440e18b77
                                                          • Instruction ID: 17b01501afa3be7be4f2edda91fdc002c941a452b7918c3626a3bbbaed71e9f2
                                                          • Opcode Fuzzy Hash: 7aa08d156c69dec363deceef28d82dd9e405294da3c93148e69d49e440e18b77
                                                          • Instruction Fuzzy Hash: 6821D131144B026BE3745F7A9C48A177BE4FF50728F14041FFA46DE6B2EBB1A40A8766
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(winsta.dll,?,014578D9,01707120), ref: 01460023
                                                          • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0146003C
                                                          • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 01460052
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                                          • API String ID: 2238633743-2382846951
                                                          • Opcode ID: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction ID: 47547d2603e1bed6475c1b767f63b438f61cadba3f767a2592c313bd1bee8347
                                                          • Opcode Fuzzy Hash: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction Fuzzy Hash: AF0108B0641345CFD7189FB5A84DAA63BE8FB04269F1984BAF449CF276DB3180449F16
                                                          APIs
                                                          • glyph_cache_free.GETSCREEN-456311346-X86(?), ref: 013ECB1E
                                                          • brush_cache_free.GETSCREEN-456311346-X86(?,?), ref: 013ECB26
                                                          • pointer_cache_free.GETSCREEN-456311346-X86(?,?,?), ref: 013ECB2E
                                                          • bitmap_cache_free.GETSCREEN-456311346-X86(?,?,?,?), ref: 013ECB36
                                                          • offscreen_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 013ECB3E
                                                          • palette_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?), ref: 013ECB46
                                                          • nine_grid_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?,?), ref: 013ECB4E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                                          • String ID:
                                                          • API String ID: 637575458-0
                                                          • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction ID: eb2dd1d02b59838bb7eb51089abe99d7514c15e5564523632b10bd41828a80a3
                                                          • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction Fuzzy Hash: DDE0E531401726ABCE323F66DC05C4EBBE6AF316557044539F599255F5CB32AC60AE90
                                                          APIs
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0142E040
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E04F
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0142E062
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E0A3
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?), ref: 0142E0C8
                                                          • gdi_RectToCRgn.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0142E147
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-0
                                                          • Opcode ID: 580edfc63b6fdf576aac209dc2fe14a2c720a74ecde6ebdc0fd5d46f11b2e7a8
                                                          • Instruction ID: 756d97d02f74bfbc78f715e30cc7d91a4d2c4925ae87c63319c0986455ab509d
                                                          • Opcode Fuzzy Hash: 580edfc63b6fdf576aac209dc2fe14a2c720a74ecde6ebdc0fd5d46f11b2e7a8
                                                          • Instruction Fuzzy Hash: E351C675D01229EFCF14CF99C9808EEBBB9FF58710B64442AE515B7260D771AA81CFA0
                                                          APIs
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,000007C0,?), ref: 01401DA2
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000001), ref: 01401DCC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401DE8
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401DFC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401E19
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401E2D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                                          • String ID:
                                                          • API String ID: 4272850885-0
                                                          • Opcode ID: fad6795779e0600882673a89c48fb156f3d83e8e8ab2019e83a44d2ff3258703
                                                          • Instruction ID: d86f256e1ec58938df693eee72d9be9fc9b38679009714614028b69e9d8dbdf4
                                                          • Opcode Fuzzy Hash: fad6795779e0600882673a89c48fb156f3d83e8e8ab2019e83a44d2ff3258703
                                                          • Instruction Fuzzy Hash: 1D118262F8521375F962206E4C89F6F269D4F61F68F040036FB0CA52D0E9B5EE0284E6
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01428C2B
                                                          Strings
                                                          • freerdp_image_copy_from_icon_data, xrefs: 01428DBA
                                                          • 1bpp and 4bpp icons are not supported, xrefs: 01428DB5
                                                          • com.freerdp.color, xrefs: 01428D98
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01428DBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                                          • API String ID: 1523062921-332027372
                                                          • Opcode ID: 14a1fcf38b6ff1e7982db78e2bcd4f75dd615177dff452f1d8315c4df90a9116
                                                          • Instruction ID: 3e8734f0fe218989872b75f088aa77824274f8685af4c444c10b5c45e88574e3
                                                          • Opcode Fuzzy Hash: 14a1fcf38b6ff1e7982db78e2bcd4f75dd615177dff452f1d8315c4df90a9116
                                                          • Instruction Fuzzy Hash: C051CBB250022E9ADF149F19CC51BFE7BE8FF54210F4481AEFA14A6290D7708AD5CF64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: kbd-lang-list$kbd-list$monitor-list
                                                          • API String ID: 0-1393584692
                                                          • Opcode ID: b3a700e7db2664fbf1ef743897af37b24d8f569973a64e195aa26f48d12647de
                                                          • Instruction ID: 5be3d05d838548d23a533bd7c5ba648e184df3f8d6915eef8e391fa211e33e50
                                                          • Opcode Fuzzy Hash: b3a700e7db2664fbf1ef743897af37b24d8f569973a64e195aa26f48d12647de
                                                          • Instruction Fuzzy Hash: 6331A73294121A9BDB60DAA9DD45DCFB7A8AB25314F4501ABFD08A71F1DA70DA40CAE0
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01419AFA
                                                          • com.freerdp.codec, xrefs: 01419AD0
                                                          • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01419AF0
                                                          • interleaved_compress, xrefs: 01419AF5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                                          • API String ID: 0-4054760794
                                                          • Opcode ID: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction ID: fd67a890ae6bd7bdaf3fc336cf0a18a001f08b64a83d5da8027fa33e69db0340
                                                          • Opcode Fuzzy Hash: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction Fuzzy Hash: 1321C272300206BFFF259E5ADC55FAB3F58FB14698F04412AFA049A278E775E850CB51
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453DA3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                                          • API String ID: 689400697-1744466472
                                                          • Opcode ID: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction ID: bacce5039a0f70701a0121f96dbd5e9ded2074cfa8bc0c97107106bd2947878e
                                                          • Opcode Fuzzy Hash: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction Fuzzy Hash: 5721C936280345BBEF225E56EC02DAF3FA9FB54760F044059FF04691B1D672D961E760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                                          • API String ID: 689400697-743139187
                                                          • Opcode ID: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction ID: 199f08b490cf3c6d068cd088989d832c64d44411d653f1a2c668b6ce296409e3
                                                          • Opcode Fuzzy Hash: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction Fuzzy Hash: 3821F672280245BBEF665F56DC02EAB3F79FB64B60F04014AFF00690B1CA72D961D760
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D11FA
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D1248
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelDetached$freerdp
                                                          • API String ID: 3987305115-436519898
                                                          • Opcode ID: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction ID: 3f3c184fb11b0f06c2a3a2e62005d59e0e064bd25fcb3ed827db900a49b14c63
                                                          • Opcode Fuzzy Hash: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction Fuzzy Hash: DA2160B1A00209AFDB10DF98D884FAEBBF8FF18344F104469E944EB251D771AA50DBA0
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D0B64
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D0BB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelAttached$freerdp
                                                          • API String ID: 3987305115-2646891115
                                                          • Opcode ID: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction ID: 5b0b6be5c3088b5336e9f47c7733356f030f8230205f9a05e80ac45371c62f84
                                                          • Opcode Fuzzy Hash: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction Fuzzy Hash: 65213271A00209EFDF15DF98D884FAEBBF4FF08744F104469F948AB251D770AA509BA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145384E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                                          • API String ID: 689400697-2008077614
                                                          • Opcode ID: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction ID: 69ace837a122421f3a7bab13952847fbf0f25fe228bb54b2609d7dd6aac29221
                                                          • Opcode Fuzzy Hash: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction Fuzzy Hash: 8611E776380345BBEF665F579C06EAB3FA9FB64B60F00405AFE00691F1D972D9209760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014532F9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                                          • API String ID: 689400697-1172745827
                                                          • Opcode ID: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction ID: e3dc7a3a44aaaf6acf5c5711f58c9581a7105bfacf83048e00050da594c111db
                                                          • Opcode Fuzzy Hash: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction Fuzzy Hash: 9D11D536380245BBEB265F579C06E6B3FA9FB64760F004059FE00A91A2DE72D96097A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453227
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                                          • API String ID: 689400697-2657764935
                                                          • Opcode ID: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction ID: be7bbce8b430b678da136088a22658ea83e39259ab4195162c817bab9687255f
                                                          • Opcode Fuzzy Hash: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction Fuzzy Hash: CA11D536380345BBEB225F97AC06EAB3F69FBA47A0F004059FE00691E1D972D920D760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014533CB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                                          • API String ID: 689400697-3640258815
                                                          • Opcode ID: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction ID: 56aa5b78394bec0c15c83cd22573728027fec602c197e525847d96f21e7d139a
                                                          • Opcode Fuzzy Hash: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction Fuzzy Hash: 091108393C03457BEB665E57AC06E2B3F58FB61B60F40406AFF00AA1E1D97299518770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145360B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                                          • API String ID: 689400697-848437295
                                                          • Opcode ID: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction ID: e2e0f18ea447b93056585a9a0d07bbe26f65dd9e7975ba7288ff9bb1d839e64d
                                                          • Opcode Fuzzy Hash: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction Fuzzy Hash: 051104753803457BEB725E57AC06E2B3BACFB61B60F00005EFE04A92E1D972E95087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453548
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                                          • API String ID: 689400697-3257054040
                                                          • Opcode ID: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction ID: 3368ae72fd189e1565ce710289ae94e81e41d396852a0ad5bc391d0a9eebd844
                                                          • Opcode Fuzzy Hash: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction Fuzzy Hash: 3D11C475380345BBEB765E57AC06F2B3BACFB60B64F00405AFE00AA1E1DD72D9109760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145417E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                                          • API String ID: 689400697-1164902870
                                                          • Opcode ID: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction ID: 4eb5143b213e64ac487e6faa0af70191060d3955091406da5a9269204ea4358e
                                                          • Opcode Fuzzy Hash: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction Fuzzy Hash: AA11EB393843457BE7665A57AC06E2B3F6CF765A60F04405EFE00AD1E1ED71DA608770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014540BB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                                          • API String ID: 689400697-247170817
                                                          • Opcode ID: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction ID: edfd380c6de2622cd0a25886b5e4dfcc89ac1a58db5ee247c55b32f007776979
                                                          • Opcode Fuzzy Hash: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction Fuzzy Hash: 7B1108353843457BEB626A17AC06E2B3E9CF7A1A21F04405EFE00AD1E1E972D9508370
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454544
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                                          • API String ID: 689400697-1495805676
                                                          • Opcode ID: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction ID: 067ac17e3aef8ff381b8b67cce90c5351a2c8905ddced36d3a7cb2b077b1da02
                                                          • Opcode Fuzzy Hash: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction Fuzzy Hash: 6C110875380345BBFB615A57AC06E6B3FA8F760A20F44405AFF00AE5E1E971D9508764
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454481
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                                          • API String ID: 689400697-3834539683
                                                          • Opcode ID: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction ID: 3424168a31d0a9c7e0291bf533b6349aadd5908b50cdec7c837c85f5f6f292db
                                                          • Opcode Fuzzy Hash: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction Fuzzy Hash: 891108753C03457BEB615A57AC02E2B3F58F761A20F04805AFF00AD5E2E971DA60D770
                                                          APIs
                                                          • ncrush_context_reset.GETSCREEN-456311346-X86(00000000,00000000), ref: 01421B36
                                                          Strings
                                                          • ncrush_context_new, xrefs: 01421B14
                                                          • ncrush_context_new: failed to initialize tables, xrefs: 01421B0F
                                                          • com.freerdp.codec, xrefs: 01421AF1
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01421B19
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ncrush_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                                          • API String ID: 2838332675-904927664
                                                          • Opcode ID: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction ID: 6b6acb0a4fdb79b7bc31d59ab6246d872c390b2ffb17f01fa0000a6c0e4264c0
                                                          • Opcode Fuzzy Hash: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction Fuzzy Hash: 8E1129B22007033AE705AB17DC41F97BB6CFB20B60F40411EF5149A290EFB2999086A1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453F3E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                                          • API String ID: 689400697-3211427146
                                                          • Opcode ID: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction ID: dd4f6da10cbfe934f116f21eaa88847f26dd3fd8612801cdc2cc1f2f7a277f86
                                                          • Opcode Fuzzy Hash: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction Fuzzy Hash: E611EB76384341BBE7625B57AC12E2B3F6DF765B60F00415EFA40AA1E1D971D9108360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453E7E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                                          • API String ID: 689400697-2578917824
                                                          • Opcode ID: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction ID: e64101beeaff6aeec5b05c993ffcfe26bd40f0672d23be24eba929e19164ca13
                                                          • Opcode Fuzzy Hash: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction Fuzzy Hash: 8611EB76380341BBE7625A57AC02E2F3BACF765B71F00415EFA00A91E1D972D9109360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145378E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                                          • API String ID: 689400697-3754301720
                                                          • Opcode ID: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction ID: ff1c6abd658bdf0ef7427c1b7a43b2acd2679de9aa788735e782d63c03a68264
                                                          • Opcode Fuzzy Hash: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction Fuzzy Hash: 3E11C4753803417BE7665B5BAC06E2B3B9CF7A1B60F04405AFE10A91E1D971D95087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014536CE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                                          • API String ID: 689400697-3413647607
                                                          • Opcode ID: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction ID: a6c7bd4fd7231a991ba72acd530ff9d1c58004f43434530fd5ee7496ae417ead
                                                          • Opcode Fuzzy Hash: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction Fuzzy Hash: CC11E7B53803817BE7625A5BEC46E2B3B9CFB61B60F44405EFE00AD1E1D971D9108760
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 014295B5
                                                          Strings
                                                          • SmartScaling requested but compiled without libcairo support!, xrefs: 014295E6
                                                          • freerdp_image_scale, xrefs: 014295EB
                                                          • com.freerdp.color, xrefs: 014295C8
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 014295F0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                                          • API String ID: 1523062921-212429655
                                                          • Opcode ID: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction ID: eedc5f6e071fa6ba84524288ca06f60671daed6d046b07143421adcccbece671
                                                          • Opcode Fuzzy Hash: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction Fuzzy Hash: E121E7B2340209BBEF15DE14CC12FAE3795FB14704F44410AFD049A260E731D5A1DB40
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452FF0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                                          • API String ID: 689400697-1149382491
                                                          • Opcode ID: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction ID: 02ef7bb2c6737a6f07962269954f19d10cd8a75e737bfa82fa6fb86822cef1be
                                                          • Opcode Fuzzy Hash: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction Fuzzy Hash: 4C1194753843417BE7755A2BAC06E6B3F9CBB61F60F00405AFF04AA1E1D972995092A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452F33
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                                          • API String ID: 689400697-255015424
                                                          • Opcode ID: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction ID: 4b03805e5dbad31aac37607c56827bf088c79c65b0b44b25af8f142e065f28f6
                                                          • Opcode Fuzzy Hash: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction Fuzzy Hash: 8D11C476384341BBE7255657AC16E2B3F9CF765A20F00405BFA04AD1E1D9A299509360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453920
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                                          • API String ID: 689400697-2845897268
                                                          • Opcode ID: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction ID: ad269b274fbcd56f81ee0bdc69fac9d2b6be523a74ad6ef53c56892623e2e2ff
                                                          • Opcode Fuzzy Hash: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction Fuzzy Hash: 92110AB53C03457BF7615A1BAC06E2B7FACFBA0BA0F00415EFA00AE1E1D971D91087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014539DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                                          • API String ID: 689400697-1972714555
                                                          • Opcode ID: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction ID: befd7519ff75c350919fd037324fe7db6d42781035fa1d1c2ae6007db96cfb99
                                                          • Opcode Fuzzy Hash: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction Fuzzy Hash: 1E11CA753C03417BE7655A5BAC16E2B3F6CFBA1B60F00415EFA00AE1E1E9719D1087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453FFE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                                          • API String ID: 689400697-2156878011
                                                          • Opcode ID: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction ID: 9a8b6b7a661a1306c0bfb262a0d1e6cd535f3783f6be308451dde48636dd093f
                                                          • Opcode Fuzzy Hash: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction Fuzzy Hash: C811CA753803457BE7B5565BAC06F2B3B9CF7A1F24F04415EFA04AE1E2E9A2D95083B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145316A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                                          • API String ID: 689400697-3351603741
                                                          • Opcode ID: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction ID: 56c02abd10f5c35132314d903e73e7efe1bf50f43162c4b3d09317263971ed53
                                                          • Opcode Fuzzy Hash: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction Fuzzy Hash: AB11E7363C03457BE7656B57AC06E2B3F6CF761B60F00405AFE00A91E2D972E9108760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014530AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                                          • API String ID: 689400697-2261828479
                                                          • Opcode ID: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction ID: 41d252247832fe8cc28d35a58389de42201eb74eaf1db32a89059f99a7a0fc68
                                                          • Opcode Fuzzy Hash: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction Fuzzy Hash: 0C11E7653803417BE7615A27AC07E6B3AACF765B60F00405AFA10AA1E2D9A2DA5082B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453A9A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                                          • API String ID: 689400697-4185332897
                                                          • Opcode ID: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction ID: 9eade1c11960b647454bc1463213784feda400d4cf8cfa2bf080523c0e7d3a1b
                                                          • Opcode Fuzzy Hash: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction Fuzzy Hash: 0511C6757803417BE7665A1BAC07E2B3B9CFBA1B60F40415EFA04AA1E2DDA1991086A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145348E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                                          • API String ID: 689400697-3116451197
                                                          • Opcode ID: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction ID: c8bc451756e359d873216dd3174bf3d10a261ecf92130a7143e706e3fa979e5b
                                                          • Opcode Fuzzy Hash: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction Fuzzy Hash: B811C6793C03417BE6765A2BAC07F2B3E9CF7A1B60F44416AFA00AA1E1D971E9508264
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453B54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                                          • API String ID: 689400697-1791514552
                                                          • Opcode ID: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction ID: 3b09d724780f055be0a40d91730d2081f723d5589ec4e32fc032937c991763ff
                                                          • Opcode Fuzzy Hash: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction Fuzzy Hash: F711CA753803417BE7665A5BAC07E2B3E5CFBA1B60F40409AFA00AE1E2DD61DA1087B4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453C0E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                                          • API String ID: 689400697-4242683877
                                                          • Opcode ID: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction ID: 77a0f5b43b68ccf1a1e3443b0254332dd7c20a21a5168e49415e5d1e66dd47f0
                                                          • Opcode Fuzzy Hash: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction Fuzzy Hash: 27118A663803417BE6665A1BAC46E6B3F5CF7A1B60F44405EFE00AA1F2D961DA518260
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454241
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                                          • API String ID: 689400697-954186549
                                                          • Opcode ID: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction ID: ef133af83475c277facec5d01af2c06b80cd73c6a227d6769444818373351191
                                                          • Opcode Fuzzy Hash: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction Fuzzy Hash: 7811E3653843417BF625571BBC06E2B3B9CF7A1AA0F04005EBE00AE1E2E9A19A908660
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D65CB
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 014D6633
                                                          • error when decoding lines, xrefs: 014D6629
                                                          • yuv_process_work_callback, xrefs: 014D662E
                                                          • com.freerdp.codec, xrefs: 014D660B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: primitives_get
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                                          • API String ID: 2017034601-2620645302
                                                          • Opcode ID: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction ID: d3521c6faee46dec4b8cc3d53f6cfa67f20cc7ed8a2cc5b1f381d88f6f2d11bf
                                                          • Opcode Fuzzy Hash: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction Fuzzy Hash: 190196B1A40306AFEB18DF59DC11F5ABBA8FF18614F00415EFA08DA391E775E5408B98
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %zd;NAME=%s%zd;PASS=%s
                                                          • API String ID: 4218353326-3114484625
                                                          • Opcode ID: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction ID: 811317e2f5102232e465694c0a4cc7b0c021710ccf1800947d909e5ffc3fad6c
                                                          • Opcode Fuzzy Hash: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction Fuzzy Hash: 94016975E00208BFDF14AFE9CD82ADD7BB4EF24204F00886FEE099A321E6759651DB51
                                                          APIs
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429F06
                                                          • region16_extents.GETSCREEN-456311346-X86(?,?), ref: 01429F12
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?,?,?), ref: 01429F1D
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?), ref: 01429F7D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: region16_extentsregion16_n_rects
                                                          • String ID:
                                                          • API String ID: 2062899502-0
                                                          • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction ID: 57583f0ac1c11f94375199a52b830c45b984012192a16bfdfc0873ba48904430
                                                          • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction Fuzzy Hash: 4D510975D0012A9BCB14DF9AC8408BEF7F5FF18750B55816AE859E7360E334AE80CBA4
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strncpy
                                                          • String ID:
                                                          • API String ID: 2961919466-0
                                                          • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction ID: bd75df41f64d6d37e0f2746945accb1275dea98b467ebac838425d25c7f9ba9e
                                                          • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction Fuzzy Hash: 2C1166B9400707BEDB319E65D844B93FBBCEF24208F04492BE59947A21F335A559C7B1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48E6A
                                                          • GetLastError.KERNEL32 ref: 00E48E7F
                                                          • TlsGetValue.KERNEL32 ref: 00E48E8D
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48E96
                                                          • TlsAlloc.KERNEL32 ref: 00E48EC3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastOnce$AllocExecuteInitValue
                                                          • String ID:
                                                          • API String ID: 2822033501-0
                                                          • Opcode ID: 0ae1422fb25df7e005352d13fdc557277e6b57c2d1b0c6263c6c4226939942f8
                                                          • Instruction ID: 12cf3be7a108dea2ea98ebd1efe76e5261904a6afa32a459dcd93c37812268e2
                                                          • Opcode Fuzzy Hash: 0ae1422fb25df7e005352d13fdc557277e6b57c2d1b0c6263c6c4226939942f8
                                                          • Instruction Fuzzy Hash: 8A01D675600208AFCB209FB5FD48A6E7BB8FB49724F44522AF815E7254EB309950CB60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                                          • API String ID: 4218353326-3992632484
                                                          • Opcode ID: 2f2cd8ff82c61135dadcc2797623f26c987b7fb6c823851afb84e80361783140
                                                          • Instruction ID: 2d735040daabfdba5fa7255f694f662cfa0d11e4719cda37b2ae479139e91d63
                                                          • Opcode Fuzzy Hash: 2f2cd8ff82c61135dadcc2797623f26c987b7fb6c823851afb84e80361783140
                                                          • Instruction Fuzzy Hash: DD416572F0036617EB285A11EC45BBA7328BBE5348F585239ED44F6281EB708A45C2D2
                                                          APIs
                                                          • audio_format_print.GETSCREEN-456311346-X86(?,?,?), ref: 014D4A72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_print
                                                          • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                                          • API String ID: 2744001552-3527835062
                                                          • Opcode ID: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction ID: 85c388d00a52159265b6a4502500ad0534b996baa0bc40fd6380bd28806934e5
                                                          • Opcode Fuzzy Hash: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction Fuzzy Hash: 12110A7274031737EE15AE5B5C45FBF2B9CBF71A60F44000FF91476690E6B5D60182A6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: audin$rdpsnd
                                                          • API String ID: 0-930729200
                                                          • Opcode ID: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction ID: 16112ad4c557c6162b71869dd7edc0329d68ead6feb3d61a3084642416ff1639
                                                          • Opcode Fuzzy Hash: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction Fuzzy Hash: 51119031A00A56AFFB25CF79C88069BF7A4BB04B42F14822FE15856250D7706591CBD1
                                                          APIs
                                                          • _strlen.LIBCMT ref: 0140403A
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01404060
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01404076
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreatePointer_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 4211031630-2916857029
                                                          • Opcode ID: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction ID: beccf4959724a546bf87bcd6c2e1356ebf50b84683777d6b698eb897f7b34dd5
                                                          • Opcode Fuzzy Hash: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction Fuzzy Hash: 4001A235201120BBDB212A67DC4EEA77F69EF46774F188169FA189D0E2D732C812D7B0
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?), ref: 014D4737
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 014D4748
                                                          • audio_format_print, xrefs: 014D4743
                                                          • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 014D473E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string
                                                          • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                                          • API String ID: 2866491501-3564663344
                                                          • Opcode ID: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction ID: 161ee4494b94c1e77d5c3c3900d8dc17b310c824fac2691c47a341085ddaf7c1
                                                          • Opcode Fuzzy Hash: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction Fuzzy Hash: 94F090B5140309BAEB041F42CC05E3637AEFB28A14F24804EFD5C9C0A1E67BD9A2E320
                                                          APIs
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?), ref: 013C2725
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 013C2745
                                                          Strings
                                                          • freerdp_abort_connect, xrefs: 013C2739
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2734
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                                          • API String ID: 3690923134-629580617
                                                          • Opcode ID: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction ID: c0b16ded859ca7d7ce3d73cc53bf3acae8a7141d436e2b5c118c4185798bf7b9
                                                          • Opcode Fuzzy Hash: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction Fuzzy Hash: 70E04835240215EEEA317D29EC42B56B794BF10F98F14442DE5C47A452E7615D509780
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D633F
                                                          • primitives_flags.GETSCREEN-456311346-X86(00000000), ref: 014D6353
                                                          • TpWaitForWork.NTDLL(00000000,00000000), ref: 014D64A9
                                                          • TpReleaseWork.NTDLL(00000000), ref: 014D64B2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                                          • String ID:
                                                          • API String ID: 704174238-0
                                                          • Opcode ID: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction ID: d8b8e72589722bc6c0b0ae1b2c459890f7e5656f7506fcf5d3af664fbbc2dcaf
                                                          • Opcode Fuzzy Hash: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction Fuzzy Hash: 196149B5A0020ADFCB04CF68C9919AEBBF5FF58310B15816AE919EB360D730E951CF90
                                                          APIs
                                                          • gdi_SetRgn.GETSCREEN-456311346-X86(?,?,?,?,00000000,00000001,?,?), ref: 0142C324
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_
                                                          • String ID:
                                                          • API String ID: 2273374161-0
                                                          • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction ID: 55e7c15743db970b6f1594ef9ca06db43b769c35a2014fd0f1afc2cf39ee8575
                                                          • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction Fuzzy Hash: F331ED71900219EFDB10DF99C98499EBBF9FF58210F54846AE905E7220D335EA85CFA0
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01455C16
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C34
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C54
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C9A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$Leave$Enter
                                                          • String ID:
                                                          • API String ID: 2978645861-0
                                                          • Opcode ID: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction ID: c0cb211ec5c19cbb94f36a38594878d4d6824cf48030376a1d3a49bec5ffb886
                                                          • Opcode Fuzzy Hash: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction Fuzzy Hash: F021AF31500605EFDB228F18C984A7A7BF4FF45361F15466EE982EB362D770B941CB50
                                                          APIs
                                                            • Part of subcall function 014BF42C: GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                            • Part of subcall function 014BF42C: SetLastError.KERNEL32(00000000,000000FF,00000006), ref: 014BF623
                                                          • CloseHandle.KERNEL32(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB711
                                                          • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB727
                                                          • RtlExitUserThread.NTDLL(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB730
                                                          • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 014AB76E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                                          • String ID:
                                                          • API String ID: 1062721995-0
                                                          • Opcode ID: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction ID: 24bcf1241f73a6f9d5c3834d3ec05c3beb032fd50a4cbaa5a261546cbe44cd27
                                                          • Opcode Fuzzy Hash: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction Fuzzy Hash: 3311D6B5500214BBD7209B6ADC04E9B7FE8DFA0760F59412AFA19CB3B1DB70D905C7A0
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,00000000), ref: 01429BDC
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429BEC
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429BF7
                                                            • Part of subcall function 014297FD: rectangles_intersection.GETSCREEN-456311346-X86(?,?,?), ref: 0142980C
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429C1A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                                          • String ID:
                                                          • API String ID: 3854534691-0
                                                          • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction ID: 773cd055153f210c908286622c1653d18028a9ee15c7d73233f819f5d7e4e4ae
                                                          • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction Fuzzy Hash: F501C83351423959AB359A5BD48067BE7DCDF50578F94401FE91897160E735ECC1C1A8
                                                          APIs
                                                          • freerdp_new.GETSCREEN-456311346-X86 ref: 01441F56
                                                          • freerdp_context_new.GETSCREEN-456311346-X86(00000000,00000000,?,?), ref: 01441FA4
                                                          • freerdp_register_addin_provider.GETSCREEN-456311346-X86(?,00000000), ref: 01441FC7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                                          • String ID:
                                                          • API String ID: 3731710698-0
                                                          • Opcode ID: 08274451eca7c746d51be73bad34e30589af24fbdf3b3d40b8a38c2f5ee396b0
                                                          • Instruction ID: 5c725d1c3c3cafbb9f6b61a652bf36691b517c4804df82ada2ffced74ca21d3e
                                                          • Opcode Fuzzy Hash: 08274451eca7c746d51be73bad34e30589af24fbdf3b3d40b8a38c2f5ee396b0
                                                          • Instruction Fuzzy Hash: 2D11A331604B036BF725AF6AD810B97BBA9BFB0A20F10441FE55987360EB71F491C790
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID:
                                                          • API String ID: 733272558-0
                                                          • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction ID: d390ab688f61d6956ce9ce6f1729c7c2aea98ecec28d58053cbda9b5b36fcda5
                                                          • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction Fuzzy Hash: EBE04F31401B157FCE717B66CD4099BBB99BF38605705041AF54657630C671A8519BF0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-3916222277
                                                          • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction ID: 05c2b5a8f4b20ddf0fdaa026479162dc29bc881a85a1e13355e10600904ed777
                                                          • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction Fuzzy Hash: 1051D27340015ABBDF02DE94CD50DEB7BAEBF18244F49425AFF1991120E732E5A1ABA1
                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145697B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpin
                                                          • String ID: %s: unknown handler type %u$WLog_Appender_New
                                                          • API String ID: 2593887523-3466059274
                                                          • Opcode ID: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction ID: 976f1f4ccb865136b0407b6e0bc430ac84fc18e5028f865319658ab03eea2c06
                                                          • Opcode Fuzzy Hash: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction Fuzzy Hash: 8E11293254820266A7E2797E9C44DFFAB78AB72931B86001FFD05A6277DA30D50251A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s%s-client.%s$DeviceServiceEntry
                                                          • API String ID: 0-2733899524
                                                          • Opcode ID: 722feb938e4196542e78d67095800f5f2954a104e8b13fb0e2598bbec4ef1c89
                                                          • Instruction ID: 6e5ef91eacafc54b7a4ac56979313972ee4f1b40f7b63b915f39234d23fdb391
                                                          • Opcode Fuzzy Hash: 722feb938e4196542e78d67095800f5f2954a104e8b13fb0e2598bbec4ef1c89
                                                          • Instruction Fuzzy Hash: 96119476A002196BFB109E9DD891AAF7BACEF90E58F04401EFE14D7241D771DD018B90
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0144E987), ref: 0144EBF6
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0144E987), ref: 0144EC1A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILTER
                                                          • API String ID: 1431749950-2006202657
                                                          • Opcode ID: 1410538585b297246eeec047fc2fd4fc8b4e5c51f19380e7725ddd37af6d6753
                                                          • Instruction ID: 287ff849e0c374cc8285728efe15254890b270e8d7ff4a950cbaaea4f808f645
                                                          • Opcode Fuzzy Hash: 1410538585b297246eeec047fc2fd4fc8b4e5c51f19380e7725ddd37af6d6753
                                                          • Instruction Fuzzy Hash: 2EF0F633315215AB623127A6BD58C2F7FADFAB56B8391002FF108DB114EE795C4187A4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: .msrcIncident$.rdp
                                                          • API String ID: 4218353326-1437571178
                                                          • Opcode ID: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction ID: 132b22955483b85170a4ec431e496c3a01689fda3c9ec9b5dee8cdee9c6622f8
                                                          • Opcode Fuzzy Hash: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction Fuzzy Hash: 31F0AC32A00E07ABB92499BADC8182B3344EB11030350072FE43FD32F0DE30D41081E8
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BCC
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BEC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WINPR_NATIVE_SSPI
                                                          • API String ID: 1431749950-1020623567
                                                          • Opcode ID: f3fb7dae3e9bd022f9e2690d7cd0653597de62abe60ecba983e7fb04dd3594c8
                                                          • Instruction ID: 4683b2a50dab0c30a72a937a1a2751a4fe08a81c4556acb0b46c62e34f9b860b
                                                          • Opcode Fuzzy Hash: f3fb7dae3e9bd022f9e2690d7cd0653597de62abe60ecba983e7fb04dd3594c8
                                                          • Instruction Fuzzy Hash: 19F0973329503326E336206A2C04F2F1EB8DBE6E20B1A012FFA01DF196E930888341E0
                                                          APIs
                                                          • rfx_context_new.GETSCREEN-456311346-X86(?), ref: 0141A2ED
                                                            • Part of subcall function 0140E4DD: GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                            • Part of subcall function 0140E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                            • Part of subcall function 0140E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • progressive_context_free.GETSCREEN-456311346-X86(00000000), ref: 0141A36D
                                                          Strings
                                                          • com.freerdp.codec.progressive, xrefs: 0141A2CA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                                          • String ID: com.freerdp.codec.progressive
                                                          • API String ID: 2699998398-3622116780
                                                          • Opcode ID: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction ID: 011b772be4558eeb78f6c842d0979b5e4d7887e4e5768a2242a64eedf6ab6b74
                                                          • Opcode Fuzzy Hash: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction Fuzzy Hash: 4CF0E03290574716F320ABB79800F5B7BD8DF62A70F24002FF608AB690D97090018261
                                                          APIs
                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 013BF221
                                                            • Part of subcall function 014A23CE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,00000001), ref: 014A242E
                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 013BF241
                                                            • Part of subcall function 013291A0: ___std_exception_copy.LIBVCRUNTIME ref: 013291D3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: std::invalid_argument::invalid_argument$DispatcherExceptionUser___std_exception_copy
                                                          • String ID: bad function call
                                                          • API String ID: 1082284150-3612616537
                                                          • Opcode ID: dfb7a67d579642474458cb9ca8e77790448002cfdd7add081212d59b9ab12a22
                                                          • Instruction ID: cbf994e29442856055e67d82305eaa263e0f43b9ba15ae5a990393c3cf9694b6
                                                          • Opcode Fuzzy Hash: dfb7a67d579642474458cb9ca8e77790448002cfdd7add081212d59b9ab12a22
                                                          • Instruction Fuzzy Hash: F1F03A39C0420D77CB04FAF5DC49DCDB77CAE25204F80446AFB14A28A0EBB1A629C7E1
                                                          APIs
                                                          • freerdp_settings_get_key_for_name.GETSCREEN-456311346-X86(?), ref: 01401EEF
                                                          • freerdp_settings_get_type_for_key.GETSCREEN-456311346-X86(00000000), ref: 01401F51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                                          • String ID: TRUE
                                                          • API String ID: 1888880752-3412697401
                                                          • Opcode ID: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction ID: 56f00d5761294fbc7d62868ca37dee162e912d5387d95042310b29607255ae24
                                                          • Opcode Fuzzy Hash: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction Fuzzy Hash: 26E0E5323102156F9A13AAAFDC85D9B365CEB65EA5B01003FF604AB2A0EBB1D90046A0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: a7f93030e22c0139bc70208f413b31f40e6f69431d61ca3291a6327cee22cdeb
                                                          • Instruction ID: 985bc315e6438b40f04672239e98dcdd7e441675662f96ec3f4b2644ac354f36
                                                          • Opcode Fuzzy Hash: a7f93030e22c0139bc70208f413b31f40e6f69431d61ca3291a6327cee22cdeb
                                                          • Instruction Fuzzy Hash: C6F0E2B140020A7BDB212FA78C80D9B7B5CFF34264B45002AFD0856331E736D921D6E0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: 14341e24cf2bbc65fb4cdb9880f5bdc5f5cb184c4ac6b39a48631db8ce15f932
                                                          • Instruction ID: a89c5ab91ae47667e79c2886accbb2ad6d7ba96d9c2fa98e2c65cfda3f62e961
                                                          • Opcode Fuzzy Hash: 14341e24cf2bbc65fb4cdb9880f5bdc5f5cb184c4ac6b39a48631db8ce15f932
                                                          • Instruction Fuzzy Hash: 8AF0BEB140020A7BDB216EA68D80D9B3A9DEF34254B46013AFD0452331E635D82196E0
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01457163), ref: 01457190
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01457163), ref: 014571B1
                                                            • Part of subcall function 01457310: LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                            • Part of subcall function 01457310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                                          • String ID: WTSAPI_LIBRARY
                                                          • API String ID: 3590464466-1122459656
                                                          • Opcode ID: 29253c80c7a63fac7543bc6cbb9bc963bc1bab6bc743b6dcdead463492534c94
                                                          • Instruction ID: 619c6b60c873ef31a8003b60a6ff83a1cfd59231369cb5b06cb2f3d5fa843b1f
                                                          • Opcode Fuzzy Hash: 29253c80c7a63fac7543bc6cbb9bc963bc1bab6bc743b6dcdead463492534c94
                                                          • Instruction Fuzzy Hash: 8BE0EC3114112325D33221596C09F5F3F1D9BD1A7AF90002EF8009E3969A3014018195
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                          • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.4104513912.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitWtsApi
                                                          • API String ID: 2574300362-3428673357
                                                          • Opcode ID: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction ID: 22224ac01f62bdb0634ecf00f62373b57a2702e67cd2deb54750fd4c0b426045
                                                          • Opcode Fuzzy Hash: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction Fuzzy Hash: 07D02B316903059B9F159FF6EC0A4173FDDE7805613088432AC1CC5253EF30D010C760

                                                          Execution Graph

                                                          Execution Coverage:0.4%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:57
                                                          Total number of Limit Nodes:4

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?), ref: 02532B13
                                                          • GetProcAddress.KERNELBASE(?,0250CFF9), ref: 02532B31
                                                          • ExitProcess.KERNEL32(?,0250CFF9), ref: 02532B42
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000,00000004,?,00000000), ref: 02532B90
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000), ref: 02532BA5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.000000000250D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                          • String ID:
                                                          • API String ID: 1996367037-0
                                                          • Opcode ID: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction ID: e3938d48c6732bd86530abfcc945211298ba0f09f287c68e92dac619ba0daa5d
                                                          • Opcode Fuzzy Hash: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction Fuzzy Hash: 8C51F572610B125BE7324EB8CCC07A4BB95FB41224F181B38DDE2D72C6E7E45C0687A8

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(01600388,0000000C), ref: 014AB63E
                                                          • RtlExitUserThread.NTDLL(00000000), ref: 014AB645
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitLastThreadUser
                                                          • String ID:
                                                          • API String ID: 1750398979-0
                                                          • Opcode ID: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction ID: 3468c4b2e2b220af5e3bee3b94d4aaa1ac2a0cb2f9a7761cd8e025ff6a13ab05
                                                          • Opcode Fuzzy Hash: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction Fuzzy Hash: C1F0C2B5A00206DFDB15AFB1C849BAF7BB4EF30A10F55015EE406DB2B2CB345941CBA1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014542FB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                                          • API String ID: 689400697-3301108232
                                                          • Opcode ID: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction ID: 801ee606d2970ab679cd941bf17cfdd0c3af973a1d87d097b2c4991d50f39215
                                                          • Opcode Fuzzy Hash: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction Fuzzy Hash: 591126353803417BEB265A17AC42E2B3F9CF7A5A20F04401ABE00AD1F2E961DA50C760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014543BE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                                          • API String ID: 689400697-3976766517
                                                          • Opcode ID: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction ID: 26e513e13f484987e1d46c8d96563fd422ea28e630b437a1bbeeb9dc246c18a8
                                                          • Opcode Fuzzy Hash: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction Fuzzy Hash: 6011CB753C43457BE7615E57EC06E2B3E9CF765A20F04406AFE00AD1F1E971D9509760
                                                          APIs
                                                          • crypto_cert_fingerprint.GETSCREEN-456311346-X86(?), ref: 013F5E1C
                                                            • Part of subcall function 013F576E: crypto_cert_fingerprint_by_hash.GETSCREEN-456311346-X86(?,sha256), ref: 013F5779
                                                          • crypto_cert_issuer.GETSCREEN-456311346-X86(?), ref: 013F5E30
                                                          • crypto_cert_subject.GETSCREEN-456311346-X86(?,?), ref: 013F5E3A
                                                          • certificate_data_new.GETSCREEN-456311346-X86(?,?,00000000,00000000,00000000,?,?), ref: 013F5E4A
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                                          • String ID:
                                                          • API String ID: 1865246629-0
                                                          • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction ID: 1630365d8a9fedded445624c4c2fe7e06189de914b64cf3b9b01536dfad0b12b
                                                          • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction Fuzzy Hash: B2E04F75101209BFDF122F6EDC04C9F7EADEF956E8B14812DBE0856130DA71CD1196A0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 593 1457449-145745b LoadLibraryA 594 145745d 593->594 595 145745e-14578e4 GetProcAddress * 63 call 146001b 593->595
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,01457168), ref: 0145744E
                                                          • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0145746B
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0145747D
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0145748F
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 014574A1
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 014574B3
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 014574C5
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 014574D7
                                                          • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 014574E9
                                                          • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 014574FB
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0145750D
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0145751F
                                                          • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01457531
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01457543
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01457555
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01457567
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01457579
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0145758B
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0145759D
                                                          • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 014575AF
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 014575C1
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 014575D3
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 014575E5
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 014575F7
                                                          • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01457609
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                                          • API String ID: 2238633743-2998606599
                                                          • Opcode ID: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction ID: 83d468cc866cb106209045a3448907df60dd8af8f41ffcdcb28a25e61a403dac
                                                          • Opcode Fuzzy Hash: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction Fuzzy Hash: FBB12BB4D84365EECB3B5F76AC4A84A3FA3F784674340C81AA4845A399DF756050DFE0

                                                          APIs
                                                          • freerdp_error_info.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441519
                                                          • freerdp_get_error_info_string.GETSCREEN-456311346-X86(00000000,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144155D
                                                          • freerdp_reconnect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441601
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441611
                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144167E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                                          • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                                          • API String ID: 968149013-2963753137
                                                          • Opcode ID: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction ID: e5226e1ebe6845ab5bee082131f0aefef12c1a98623fca16d043a9162a0ad16a
                                                          • Opcode Fuzzy Hash: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction Fuzzy Hash: 9051BA71740306B7FF226A2AEC52F6A2B98BB20F24F18401FF604FA2D1DA75D5D14755

                                                          APIs
                                                          • gdi_get_pixel_format.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140A8B3
                                                          • gdi_free.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140AA40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_freegdi_get_pixel_format
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                                          • API String ID: 1251975138-534786182
                                                          • Opcode ID: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction ID: a6a2f6e96402a035eb04299c68f128198f43fdf05f281c5f424821c8b48822e6
                                                          • Opcode Fuzzy Hash: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction Fuzzy Hash: DA418675600703AFDB16AF3ADC41B5A77E5BF24214F14843EF5589B2E1EF31A8918B50

                                                          APIs
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,?), ref: 01446D79
                                                          • _strlen.LIBCMT ref: 01446DF4
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446E1D
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446F6F
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01447044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_device_collection_add$_strlen
                                                          • String ID: drive$parallel$printer$serial$smartcard
                                                          • API String ID: 2230162058-807955808
                                                          • Opcode ID: 887c39cfa5a16e9dd53710e5ca39a4a924d6a6da4d4a487f672658afd03471a3
                                                          • Instruction ID: 6302e73b6f82dfc24ceabf1e6b7b7fc2ba88ee376254cd675c39dfc39cfafee2
                                                          • Opcode Fuzzy Hash: 887c39cfa5a16e9dd53710e5ca39a4a924d6a6da4d4a487f672658afd03471a3
                                                          • Instruction Fuzzy Hash: 88B1B3715042039BEF15AF1AC85199E7BA5FF36310B16806FF9049F272EF32D9528B90

                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0F64
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0F79
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                                          • API String ID: 3168844106-1571615648
                                                          • Opcode ID: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction ID: 0d002d4934c931f47bb84ec789f9e10d089ffabf4e35f384b9b5caa766507741
                                                          • Opcode Fuzzy Hash: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction Fuzzy Hash: 5B41E772A44306ABEB19EF6AEC45B597BE8FF18B28F10401DF618FB191DB74A500CB54

                                                          APIs
                                                          • _strlen.LIBCMT ref: 014042FA
                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01404320
                                                          • GetFileSize.KERNEL32(00000000,?), ref: 0140433A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreateSize_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 2645226956-2916857029
                                                          • Opcode ID: 71b3e0884025c80e825bacb09b4321318977eefe4fc2e2c24c285fde64edf8e2
                                                          • Instruction ID: d8899b85d9687a786da8ff493a3d36b346e2446114c149bbc88ed3559c554dc8
                                                          • Opcode Fuzzy Hash: 71b3e0884025c80e825bacb09b4321318977eefe4fc2e2c24c285fde64edf8e2
                                                          • Instruction Fuzzy Hash: F35153B1900215AEEB129FB6DC44ABF77BCEF15620F14453BFA01E62A1EB3599008764

                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0D92
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0DB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                                          • API String ID: 3168844106-4217659166
                                                          • Opcode ID: cd3466c95b9fec816947f74933e0db0e66dc0be952435681c3c177b3b443e94e
                                                          • Instruction ID: 0d19da1515175b0b90ab52fbbd88d780f996f3dcda00779837500d75b15d2594
                                                          • Opcode Fuzzy Hash: cd3466c95b9fec816947f74933e0db0e66dc0be952435681c3c177b3b443e94e
                                                          • Instruction Fuzzy Hash: 33518272A40306AFEB24EF6AEC49F597BE4FB14B64F10401EF644BB291DB74A500CB58

                                                          APIs
                                                          Strings
                                                          • YUV buffer not initialized! check your decoder settings, xrefs: 014D5F1A
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 014D5F24
                                                          • avc444_ensure_buffer, xrefs: 014D5F1F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                                          • API String ID: 733272558-18228272
                                                          • Opcode ID: 8d115e4089e066f20146cf4530721cbab0e6b663dd97ef2d1e8b58749af8e55d
                                                          • Instruction ID: 01f7f22a218bf687f80bc3fb9749d87cc904d45ea46a52483dfc6154247a3b55
                                                          • Opcode Fuzzy Hash: 8d115e4089e066f20146cf4530721cbab0e6b663dd97ef2d1e8b58749af8e55d
                                                          • Instruction Fuzzy Hash: 5841AE71600302AFEF249F2ACCA1A56BBF5FF24214F14887FE6868E670D671E851CB50

                                                          APIs
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,00000400,00000001), ref: 014D3B87
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000401,00000000), ref: 014D3BB7
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000404,?), ref: 014D3BDB
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000402,00000000), ref: 014D3BFA
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000014,?), ref: 014D3C12
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,000006C1,?), ref: 014D3C2B
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000403,?), ref: 014D3C44
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000015,00000000), ref: 014D3C60
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,00000013,?), ref: 014D3C82
                                                          • freerdp_target_net_addresses_free.GETSCREEN-456311346-X86(?), ref: 014D3C93
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                                          • String ID:
                                                          • API String ID: 949014189-0
                                                          • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                                          • Instruction ID: ad28fdd1ddddb83837d7475fb72bceb3b3c1e53b4ffa8c6d7c95b76d11d8c3dc
                                                          • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                                          • Instruction Fuzzy Hash: 1C41C3B1A00716BBFB219F38DC58F967BD4BF14304F04002AEB05966E1E772E462CB96
                                                          APIs
                                                            • Part of subcall function 01455CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01481701,00000001), ref: 01455CF9
                                                          • zgfx_context_new.GETSCREEN-456311346-X86(00000000), ref: 01481874
                                                            • Part of subcall function 014D693A: zgfx_context_reset.GETSCREEN-456311346-X86(00000000,00000000,00000000,?,01481879,00000000), ref: 014D6964
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                                          • API String ID: 3732774510-3243565116
                                                          • Opcode ID: 5cfa2bbb10412cdca9967e9e7285681b793c9fc64667f155471211497470f0c2
                                                          • Instruction ID: 54c0e417ac7576f02a14dd4a1c89ad873147b1a984cb13a1a0934733f347cba9
                                                          • Opcode Fuzzy Hash: 5cfa2bbb10412cdca9967e9e7285681b793c9fc64667f155471211497470f0c2
                                                          • Instruction Fuzzy Hash: 3271A8746947036FE324AF6A9C42B5A77D8FF35A24F10402FF505AB7A0EB74A442CB84
                                                          APIs
                                                            • Part of subcall function 01456B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0140E59B,00000001,00006060,00000010), ref: 01456B3E
                                                          • GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 0140E6DC
                                                          • CreateThreadpool.KERNEL32(00000000), ref: 0140E6E2
                                                          Strings
                                                          • com.freerdp.codec.rfx, xrefs: 0140E530
                                                          • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0140E605
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                                          • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                                          • API String ID: 3882483829-2530424157
                                                          • Opcode ID: de00a162b850222d59afd5275329051fd2b7774a37713a2611768307cbd02de2
                                                          • Instruction ID: 7f3e491de9605c2f0c35b6fefb9c71a3e0982ea4f7dd77f9581cf6ad73d75b9a
                                                          • Opcode Fuzzy Hash: de00a162b850222d59afd5275329051fd2b7774a37713a2611768307cbd02de2
                                                          • Instruction Fuzzy Hash: 1641D3B1A00706AFEB249F76CC84B56BBF8FF64600F40443FE509AB2A1DB70D9548B50
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8B2
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                                          • API String ID: 1431749950-225596728
                                                          • Opcode ID: eca99d403f79b1afe87cdad4251e8183aadf6a48af8f9ae44de592a387715a27
                                                          • Instruction ID: c0da88dfa3fba6c8a61a4f38c54ddb40546a5f9f170b298156cfb94ba7c53ab3
                                                          • Opcode Fuzzy Hash: eca99d403f79b1afe87cdad4251e8183aadf6a48af8f9ae44de592a387715a27
                                                          • Instruction Fuzzy Hash: 1921363A2883136AB2657277AC5AE3F0B58FBB2874395002FF105B90E1EEB4840142B1
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013D48D9
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 013D498F
                                                          Similarity
                                                          • API ID: freerdp_set_last_error_ex
                                                          • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                                          • API String ID: 270715978-29603548
                                                          • Opcode ID: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction ID: ddfce339aa7d813d48897b1a0c9e789906fadbd9cdda00000164fdea492be788
                                                          • Opcode Fuzzy Hash: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction Fuzzy Hash: FC21EAB3A40305B7EB106A5AEC46FEB7F68BB11A18F04405EFD087E181EAB09540CAA1
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D58FA
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000001,00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D5902
                                                          • audio_format_compatible.GETSCREEN-456311346-X86(014D5425,?,?,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D594D
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string$audio_format_compatible
                                                          • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                                          • API String ID: 204136587-155179076
                                                          • Opcode ID: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction ID: 0bc40f687a41c31b6a261efadedb60204b85edba31578a68adea34d755a09cb9
                                                          • Opcode Fuzzy Hash: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction Fuzzy Hash: AE21CBB2AC43026AFA245B6AAC66F7723E8AB35674F10001FFB44EE1D0F971A4414269
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(secur32.dll,?,01454AEC), ref: 01454B18
                                                          • LoadLibraryA.KERNEL32(security.dll,?,01454AEC), ref: 01454B28
                                                          • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01454B42
                                                          • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01454B51
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                                          • API String ID: 2574300362-4081094439
                                                          • Opcode ID: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction ID: e83fbe2b0f4a28122cc68ab774060f5c66925c26af8b1b2e8e04a021b24a5641
                                                          • Opcode Fuzzy Hash: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction Fuzzy Hash: 87F08977D50366979767EBBEBC0091B3EE8AB885603094257DC44DB219FE71D8418FA0
                                                          APIs
                                                          • ber_read_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E502A
                                                          • ber_read_length.GETSCREEN-456311346-X86(?,?), ref: 013E503F
                                                          Similarity
                                                          • API ID: ber_read_lengthber_read_universal_tag
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                                          • API String ID: 3186670568-2454464461
                                                          • Opcode ID: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction ID: 775f3f16fd2e32ff0f1c9e73508a0feda40099f63b4c241244c4e3901400bb4c
                                                          • Opcode Fuzzy Hash: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction Fuzzy Hash: 2A4146B57043219BEF219E2ACC85B293BE5EF6162DF04816EF555AA2C5E638E500CB60
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,?), ref: 01429C6E
                                                          Similarity
                                                          • API ID: region16_rects
                                                          • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                                          • API String ID: 844131241-2640574824
                                                          • Opcode ID: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction ID: 7fb2c620f2a44eefe405eb775ee1ece780a5a2dd81906016c23d01bbd6cb2dbc
                                                          • Opcode Fuzzy Hash: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction Fuzzy Hash: 7D31E6B178071276FB31AB5AEC43F7622C9FB24B25F60011FF504AD2D0EEB599815351
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C14
                                                          • clearChannelError.GETSCREEN-456311346-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C1B
                                                            • Part of subcall function 013C26E1: ResetEvent.KERNEL32(?), ref: 013C270A
                                                            • Part of subcall function 013D8142: ResetEvent.KERNEL32(?,?,013C2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013D814E
                                                          Strings
                                                          • freerdp_connect, xrefs: 013C2C01
                                                          • freerdp, xrefs: 013C3062
                                                          • ConnectionResult, xrefs: 013C3077
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2BFC
                                                          Similarity
                                                          • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                                          • API String ID: 3632380314-3564821047
                                                          • Opcode ID: c2697b0dd1c6c46740dab38af9899a5e52c1786a65d6531a77a93d9d5ceef062
                                                          • Instruction ID: 0e745c90664920119629e9bd174fb47e4af4ab1ce1ed60466c94ad93ace6b1a6
                                                          • Opcode Fuzzy Hash: c2697b0dd1c6c46740dab38af9899a5e52c1786a65d6531a77a93d9d5ceef062
                                                          • Instruction Fuzzy Hash: 7B31B071A00206AFEB10DF7DD884BAABBE8BF18748F14406DE904DB291DB719D54CB50
                                                          APIs
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5415
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000001,?,00000002,00000000), ref: 013E541D
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5440
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000002,?,00000002,00000000), ref: 013E5448
                                                          Similarity
                                                          • API ID: ber_write_lengthber_write_universal_tag
                                                          • String ID:
                                                          • API String ID: 1889070510-0
                                                          • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction ID: c7e4b95c60e65e236a67edd6ef961486f496aafaec9b1832bbdd8e26500e2378
                                                          • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction Fuzzy Hash: FD21D639301764EFDB125B08CD45B5A77E5EF21B0DF058459F94B6BAC2C271AA01CFA1
                                                          APIs
                                                          • glyph_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB79
                                                          • brush_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB86
                                                          • pointer_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB94
                                                          • bitmap_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBA2
                                                          • offscreen_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBB0
                                                          • palette_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBBE
                                                          • nine_grid_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBCC
                                                          • cache_free.GETSCREEN-456311346-X86(00000000), ref: 013ECBDE
                                                          Similarity
                                                          • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                                          • String ID:
                                                          • API String ID: 2332728789-0
                                                          • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction ID: 931d3088dd2e05e2c8aa24e4c96dcc0cd4bf361fb840555baa5f6e6bae05a92b
                                                          • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction Fuzzy Hash: 3101D636148B279AFB25AA7E9854D7F7FEC8F52978710443FE580D69C0EF20D001A270
                                                          APIs
                                                          • region16_init.GETSCREEN-456311346-X86(?), ref: 0140F58A
                                                          Similarity
                                                          • API ID: region16_init
                                                          • String ID:
                                                          • API String ID: 4140821900-0
                                                          • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction ID: 65a494be31e174ec0db6009bad5333930b4155cf5084c150f2ceab2002361bdc
                                                          • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction Fuzzy Hash: B8516E72D0022A9BDB15DFAAC8809EEBBF9FF58304F04452EF519E7290E7359945CB60
                                                          APIs
                                                          • gdi_CreateCompatibleDC.GETSCREEN-456311346-X86(?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?,?,?,?,?,0140A899), ref: 0140AAE7
                                                          • gdi_CreateCompatibleBitmap.GETSCREEN-456311346-X86(?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB0E
                                                          • gdi_CreateBitmapEx.GETSCREEN-456311346-X86(?,?,?,?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB2A
                                                          • gdi_SelectObject.GETSCREEN-456311346-X86(?,?), ref: 0140AB60
                                                          • gdi_CreateRectRgn.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000), ref: 0140ABA5
                                                          • gdi_DeleteObject.GETSCREEN-456311346-X86(?), ref: 0140AC39
                                                          • gdi_DeleteDC.GETSCREEN-456311346-X86(?), ref: 0140AC48
                                                          Similarity
                                                          • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                                          • String ID:
                                                          • API String ID: 412453062-0
                                                          • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction ID: 63cce1f074c9c2ece95f02c5a47f327dcea178baf18e8a1846ec8f6c2618cfc9
                                                          • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction Fuzzy Hash: 2A5128752007059FD725DF2AC884EA6BBE0FF2C310B1545BEE98A8BB61E771E8418F40
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01456939,?,?,?,?,01456A0A,?), ref: 0145EABD
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EAE7
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB14
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB37
                                                          Strings
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                                          • API String ID: 1431749950-2760771567
                                                          • Opcode ID: a0c9d86456e2548325667fa3a8785702a909faa9e5a15d20ee358fd535c415b9
                                                          • Instruction ID: f032d0a4054cd2d9d44dea8f28ec7f1cce16725b61798384a81de61c16fc6368
                                                          • Opcode Fuzzy Hash: a0c9d86456e2548325667fa3a8785702a909faa9e5a15d20ee358fd535c415b9
                                                          • Instruction Fuzzy Hash: 4B31D471A05612BB9765AB6A994886FFF68FF60669310001FFD01BB622DB309A11C7B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48F0A
                                                          • GetLastError.KERNEL32 ref: 00E48F38
                                                          • TlsGetValue.KERNEL32 ref: 00E48F46
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48F4F
                                                          • RtlAcquireSRWLockExclusive.NTDLL(01681284), ref: 00E48F61
                                                          • RtlReleaseSRWLockExclusive.NTDLL(01681284), ref: 00E48F73
                                                          • TlsSetValue.KERNEL32(00000000,?,?,00000000,00E2B080), ref: 00E48FB5
                                                          Similarity
                                                          • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                          • String ID:
                                                          • API String ID: 389898287-0
                                                          • Opcode ID: 295766fb5ad82d29be68130acd63ab8a43a3c2a5d45fdd171d3ebe8d990bf639
                                                          • Instruction ID: fad47223a4868ff03d85b04c58cac2e6c68784c46ffecd15b43261177da04362
                                                          • Opcode Fuzzy Hash: 295766fb5ad82d29be68130acd63ab8a43a3c2a5d45fdd171d3ebe8d990bf639
                                                          • Instruction Fuzzy Hash: B9214370B00209AFDB206FA5FD08BAE3BA9FF16700F485025FC05EA250DB319814CBA1
                                                          APIs
                                                          • socket.WS2_32(00000002,00000002,00000011), ref: 0145F673
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F68A
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F6AB
                                                          • closesocket.WS2_32(?), ref: 0145F6E6
                                                          Strings
                                                          Similarity
                                                          • API ID: EnvironmentVariable$closesocketsocket
                                                          • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                                          • API String ID: 65193492-3368084233
                                                          • Opcode ID: 1616b234c9b7d83fe67655d31574729888fbf023e571d58a5d12d032100f9729
                                                          • Instruction ID: 17b01501afa3be7be4f2edda91fdc002c941a452b7918c3626a3bbbaed71e9f2
                                                          • Opcode Fuzzy Hash: 1616b234c9b7d83fe67655d31574729888fbf023e571d58a5d12d032100f9729
                                                          • Instruction Fuzzy Hash: 6821D131144B026BE3745F7A9C48A177BE4FF50728F14041FFA46DE6B2EBB1A40A8766
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(winsta.dll,?,014578D9,01707120), ref: 01460023
                                                          • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0146003C
                                                          • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 01460052
                                                          Strings
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                                          • API String ID: 2238633743-2382846951
                                                          • Opcode ID: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction ID: 47547d2603e1bed6475c1b767f63b438f61cadba3f767a2592c313bd1bee8347
                                                          • Opcode Fuzzy Hash: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction Fuzzy Hash: AF0108B0641345CFD7189FB5A84DAA63BE8FB04269F1984BAF449CF276DB3180449F16
                                                          APIs
                                                          • glyph_cache_free.GETSCREEN-456311346-X86(?), ref: 013ECB1E
                                                          • brush_cache_free.GETSCREEN-456311346-X86(?,?), ref: 013ECB26
                                                          • pointer_cache_free.GETSCREEN-456311346-X86(?,?,?), ref: 013ECB2E
                                                          • bitmap_cache_free.GETSCREEN-456311346-X86(?,?,?,?), ref: 013ECB36
                                                          • offscreen_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 013ECB3E
                                                          • palette_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?), ref: 013ECB46
                                                          • nine_grid_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?,?), ref: 013ECB4E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                                          • String ID:
                                                          • API String ID: 637575458-0
                                                          • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction ID: eb2dd1d02b59838bb7eb51089abe99d7514c15e5564523632b10bd41828a80a3
                                                          • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction Fuzzy Hash: DDE0E531401726ABCE323F66DC05C4EBBE6AF316557044539F599255F5CB32AC60AE90
                                                          APIs
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0142E040
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E04F
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0142E062
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E0A3
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?), ref: 0142E0C8
                                                          • gdi_RectToCRgn.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0142E147
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-0
                                                          • Opcode ID: a3a7d0ad135b2cfd4d15dbf644689b296090ff4c71d1344597e6f1e88fc19bb0
                                                          • Instruction ID: 756d97d02f74bfbc78f715e30cc7d91a4d2c4925ae87c63319c0986455ab509d
                                                          • Opcode Fuzzy Hash: a3a7d0ad135b2cfd4d15dbf644689b296090ff4c71d1344597e6f1e88fc19bb0
                                                          • Instruction Fuzzy Hash: E351C675D01229EFCF14CF99C9808EEBBB9FF58710B64442AE515B7260D771AA81CFA0
                                                          APIs
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,000007C0,?), ref: 01401DA2
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000001), ref: 01401DCC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401DE8
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401DFC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401E19
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401E2D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                                          • String ID:
                                                          • API String ID: 4272850885-0
                                                          • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction ID: d86f256e1ec58938df693eee72d9be9fc9b38679009714614028b69e9d8dbdf4
                                                          • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction Fuzzy Hash: 1D118262F8521375F962206E4C89F6F269D4F61F68F040036FB0CA52D0E9B5EE0284E6
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01428C2B
                                                          Strings
                                                          • freerdp_image_copy_from_icon_data, xrefs: 01428DBA
                                                          • com.freerdp.color, xrefs: 01428D98
                                                          • 1bpp and 4bpp icons are not supported, xrefs: 01428DB5
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01428DBF
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                                          • API String ID: 1523062921-332027372
                                                          • Opcode ID: 38e65d163116504b8133d7dd7f3c42a1c77b62dc7aa276c4dba80607b71b78bd
                                                          • Instruction ID: 3e8734f0fe218989872b75f088aa77824274f8685af4c444c10b5c45e88574e3
                                                          • Opcode Fuzzy Hash: 38e65d163116504b8133d7dd7f3c42a1c77b62dc7aa276c4dba80607b71b78bd
                                                          • Instruction Fuzzy Hash: C051CBB250022E9ADF149F19CC51BFE7BE8FF54210F4481AEFA14A6290D7708AD5CF64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: kbd-lang-list$kbd-list$monitor-list
                                                          • API String ID: 0-1393584692
                                                          • Opcode ID: 0df955a355f84505175ba7bab9157a3cf44e663fdc24198a7fd789f841570a2d
                                                          • Instruction ID: 5be3d05d838548d23a533bd7c5ba648e184df3f8d6915eef8e391fa211e33e50
                                                          • Opcode Fuzzy Hash: 0df955a355f84505175ba7bab9157a3cf44e663fdc24198a7fd789f841570a2d
                                                          • Instruction Fuzzy Hash: 6331A73294121A9BDB60DAA9DD45DCFB7A8AB25314F4501ABFD08A71F1DA70DA40CAE0
                                                          Strings
                                                          • interleaved_compress, xrefs: 01419AF5
                                                          • com.freerdp.codec, xrefs: 01419AD0
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01419AFA
                                                          • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01419AF0
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                                          • API String ID: 0-4054760794
                                                          • Opcode ID: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction ID: fd67a890ae6bd7bdaf3fc336cf0a18a001f08b64a83d5da8027fa33e69db0340
                                                          • Opcode Fuzzy Hash: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction Fuzzy Hash: 1321C272300206BFFF259E5ADC55FAB3F58FB14698F04412AFA049A278E775E850CB51
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453DA3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                                          • API String ID: 689400697-1744466472
                                                          • Opcode ID: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction ID: bacce5039a0f70701a0121f96dbd5e9ded2074cfa8bc0c97107106bd2947878e
                                                          • Opcode Fuzzy Hash: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction Fuzzy Hash: 5721C936280345BBEF225E56EC02DAF3FA9FB54760F044059FF04691B1D672D961E760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                                          • API String ID: 689400697-743139187
                                                          • Opcode ID: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction ID: 199f08b490cf3c6d068cd088989d832c64d44411d653f1a2c668b6ce296409e3
                                                          • Opcode Fuzzy Hash: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction Fuzzy Hash: 3821F672280245BBEF665F56DC02EAB3F79FB64B60F04014AFF00690B1CA72D961D760
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D11FA
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D1248
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelDetached$freerdp
                                                          • API String ID: 3987305115-436519898
                                                          • Opcode ID: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction ID: 3f3c184fb11b0f06c2a3a2e62005d59e0e064bd25fcb3ed827db900a49b14c63
                                                          • Opcode Fuzzy Hash: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction Fuzzy Hash: DA2160B1A00209AFDB10DF98D884FAEBBF8FF18344F104469E944EB251D771AA50DBA0
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D0B64
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D0BB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelAttached$freerdp
                                                          • API String ID: 3987305115-2646891115
                                                          • Opcode ID: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction ID: 5b0b6be5c3088b5336e9f47c7733356f030f8230205f9a05e80ac45371c62f84
                                                          • Opcode Fuzzy Hash: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction Fuzzy Hash: 65213271A00209EFDF15DF98D884FAEBBF4FF08744F104469F948AB251D770AA509BA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145384E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                                          • API String ID: 689400697-2008077614
                                                          • Opcode ID: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction ID: 69ace837a122421f3a7bab13952847fbf0f25fe228bb54b2609d7dd6aac29221
                                                          • Opcode Fuzzy Hash: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction Fuzzy Hash: 8611E776380345BBEF665F579C06EAB3FA9FB64B60F00405AFE00691F1D972D9209760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014532F9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                                          • API String ID: 689400697-1172745827
                                                          • Opcode ID: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction ID: e3dc7a3a44aaaf6acf5c5711f58c9581a7105bfacf83048e00050da594c111db
                                                          • Opcode Fuzzy Hash: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction Fuzzy Hash: 9D11D536380245BBEB265F579C06E6B3FA9FB64760F004059FE00A91A2DE72D96097A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453227
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                                          • API String ID: 689400697-2657764935
                                                          • Opcode ID: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction ID: be7bbce8b430b678da136088a22658ea83e39259ab4195162c817bab9687255f
                                                          • Opcode Fuzzy Hash: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction Fuzzy Hash: CA11D536380345BBEB225F97AC06EAB3F69FBA47A0F004059FE00691E1D972D920D760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014533CB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                                          • API String ID: 689400697-3640258815
                                                          • Opcode ID: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction ID: 56aa5b78394bec0c15c83cd22573728027fec602c197e525847d96f21e7d139a
                                                          • Opcode Fuzzy Hash: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction Fuzzy Hash: 091108393C03457BEB665E57AC06E2B3F58FB61B60F40406AFF00AA1E1D97299518770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145360B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                                          • API String ID: 689400697-848437295
                                                          • Opcode ID: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction ID: e2e0f18ea447b93056585a9a0d07bbe26f65dd9e7975ba7288ff9bb1d839e64d
                                                          • Opcode Fuzzy Hash: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction Fuzzy Hash: 051104753803457BEB725E57AC06E2B3BACFB61B60F00005EFE04A92E1D972E95087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453548
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                                          • API String ID: 689400697-3257054040
                                                          • Opcode ID: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction ID: 3368ae72fd189e1565ce710289ae94e81e41d396852a0ad5bc391d0a9eebd844
                                                          • Opcode Fuzzy Hash: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction Fuzzy Hash: 3D11C475380345BBEB765E57AC06F2B3BACFB60B64F00405AFE00AA1E1DD72D9109760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145417E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                                          • API String ID: 689400697-1164902870
                                                          • Opcode ID: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction ID: 4eb5143b213e64ac487e6faa0af70191060d3955091406da5a9269204ea4358e
                                                          • Opcode Fuzzy Hash: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction Fuzzy Hash: AA11EB393843457BE7665A57AC06E2B3F6CF765A60F04405EFE00AD1E1ED71DA608770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014540BB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                                          • API String ID: 689400697-247170817
                                                          • Opcode ID: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction ID: edfd380c6de2622cd0a25886b5e4dfcc89ac1a58db5ee247c55b32f007776979
                                                          • Opcode Fuzzy Hash: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction Fuzzy Hash: 7B1108353843457BEB626A17AC06E2B3E9CF7A1A21F04405EFE00AD1E1E972D9508370
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454544
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                                          • API String ID: 689400697-1495805676
                                                          • Opcode ID: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction ID: 067ac17e3aef8ff381b8b67cce90c5351a2c8905ddced36d3a7cb2b077b1da02
                                                          • Opcode Fuzzy Hash: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction Fuzzy Hash: 6C110875380345BBFB615A57AC06E6B3FA8F760A20F44405AFF00AE5E1E971D9508764
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454481
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                                          • API String ID: 689400697-3834539683
                                                          • Opcode ID: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction ID: 3424168a31d0a9c7e0291bf533b6349aadd5908b50cdec7c837c85f5f6f292db
                                                          • Opcode Fuzzy Hash: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction Fuzzy Hash: 891108753C03457BEB615A57AC02E2B3F58F761A20F04805AFF00AD5E2E971DA60D770
                                                          APIs
                                                          • ncrush_context_reset.GETSCREEN-456311346-X86(00000000,00000000), ref: 01421B36
                                                          Strings
                                                          • com.freerdp.codec, xrefs: 01421AF1
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01421B19
                                                          • ncrush_context_new: failed to initialize tables, xrefs: 01421B0F
                                                          • ncrush_context_new, xrefs: 01421B14
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ncrush_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                                          • API String ID: 2838332675-904927664
                                                          • Opcode ID: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction ID: 6b6acb0a4fdb79b7bc31d59ab6246d872c390b2ffb17f01fa0000a6c0e4264c0
                                                          • Opcode Fuzzy Hash: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction Fuzzy Hash: 8E1129B22007033AE705AB17DC41F97BB6CFB20B60F40411EF5149A290EFB2999086A1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453F3E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                                          • API String ID: 689400697-3211427146
                                                          • Opcode ID: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction ID: dd4f6da10cbfe934f116f21eaa88847f26dd3fd8612801cdc2cc1f2f7a277f86
                                                          • Opcode Fuzzy Hash: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction Fuzzy Hash: E611EB76384341BBE7625B57AC12E2B3F6DF765B60F00415EFA40AA1E1D971D9108360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453E7E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                                          • API String ID: 689400697-2578917824
                                                          • Opcode ID: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction ID: e64101beeaff6aeec5b05c993ffcfe26bd40f0672d23be24eba929e19164ca13
                                                          • Opcode Fuzzy Hash: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction Fuzzy Hash: 8611EB76380341BBE7625A57AC02E2F3BACF765B71F00415EFA00A91E1D972D9109360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145378E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                                          • API String ID: 689400697-3754301720
                                                          • Opcode ID: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction ID: ff1c6abd658bdf0ef7427c1b7a43b2acd2679de9aa788735e782d63c03a68264
                                                          • Opcode Fuzzy Hash: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction Fuzzy Hash: 3E11C4753803417BE7665B5BAC06E2B3B9CF7A1B60F04405AFE10A91E1D971D95087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014536CE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                                          • API String ID: 689400697-3413647607
                                                          • Opcode ID: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction ID: a6c7bd4fd7231a991ba72acd530ff9d1c58004f43434530fd5ee7496ae417ead
                                                          • Opcode Fuzzy Hash: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction Fuzzy Hash: CC11E7B53803817BE7625A5BEC46E2B3B9CFB61B60F44405EFE00AD1E1D971D9108760
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 014295B5
                                                          Strings
                                                          • com.freerdp.color, xrefs: 014295C8
                                                          • SmartScaling requested but compiled without libcairo support!, xrefs: 014295E6
                                                          • freerdp_image_scale, xrefs: 014295EB
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 014295F0
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                                          • API String ID: 1523062921-212429655
                                                          • Opcode ID: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction ID: eedc5f6e071fa6ba84524288ca06f60671daed6d046b07143421adcccbece671
                                                          • Opcode Fuzzy Hash: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction Fuzzy Hash: E121E7B2340209BBEF15DE14CC12FAE3795FB14704F44410AFD049A260E731D5A1DB40
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452FF0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                                          • API String ID: 689400697-1149382491
                                                          • Opcode ID: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction ID: 02ef7bb2c6737a6f07962269954f19d10cd8a75e737bfa82fa6fb86822cef1be
                                                          • Opcode Fuzzy Hash: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction Fuzzy Hash: 4C1194753843417BE7755A2BAC06E6B3F9CBB61F60F00405AFF04AA1E1D972995092A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452F33
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                                          • API String ID: 689400697-255015424
                                                          • Opcode ID: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction ID: 4b03805e5dbad31aac37607c56827bf088c79c65b0b44b25af8f142e065f28f6
                                                          • Opcode Fuzzy Hash: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction Fuzzy Hash: 8D11C476384341BBE7255657AC16E2B3F9CF765A20F00405BFA04AD1E1D9A299509360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453920
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                                          • API String ID: 689400697-2845897268
                                                          • Opcode ID: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction ID: ad269b274fbcd56f81ee0bdc69fac9d2b6be523a74ad6ef53c56892623e2e2ff
                                                          • Opcode Fuzzy Hash: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction Fuzzy Hash: 92110AB53C03457BF7615A1BAC06E2B7FACFBA0BA0F00415EFA00AE1E1D971D91087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014539DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                                          • API String ID: 689400697-1972714555
                                                          • Opcode ID: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction ID: befd7519ff75c350919fd037324fe7db6d42781035fa1d1c2ae6007db96cfb99
                                                          • Opcode Fuzzy Hash: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction Fuzzy Hash: 1E11CA753C03417BE7655A5BAC16E2B3F6CFBA1B60F00415EFA00AE1E1E9719D1087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453FFE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                                          • API String ID: 689400697-2156878011
                                                          • Opcode ID: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction ID: 9a8b6b7a661a1306c0bfb262a0d1e6cd535f3783f6be308451dde48636dd093f
                                                          • Opcode Fuzzy Hash: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction Fuzzy Hash: C811CA753803457BE7B5565BAC06F2B3B9CF7A1F24F04415EFA04AE1E2E9A2D95083B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145316A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                                          • API String ID: 689400697-3351603741
                                                          • Opcode ID: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction ID: 56c02abd10f5c35132314d903e73e7efe1bf50f43162c4b3d09317263971ed53
                                                          • Opcode Fuzzy Hash: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction Fuzzy Hash: AB11E7363C03457BE7656B57AC06E2B3F6CF761B60F00405AFE00A91E2D972E9108760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014530AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                                          • API String ID: 689400697-2261828479
                                                          • Opcode ID: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction ID: 41d252247832fe8cc28d35a58389de42201eb74eaf1db32a89059f99a7a0fc68
                                                          • Opcode Fuzzy Hash: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction Fuzzy Hash: 0C11E7653803417BE7615A27AC07E6B3AACF765B60F00405AFA10AA1E2D9A2DA5082B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453A9A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                                          • API String ID: 689400697-4185332897
                                                          • Opcode ID: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction ID: 9eade1c11960b647454bc1463213784feda400d4cf8cfa2bf080523c0e7d3a1b
                                                          • Opcode Fuzzy Hash: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction Fuzzy Hash: 0511C6757803417BE7665A1BAC07E2B3B9CFBA1B60F40415EFA04AA1E2DDA1991086A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145348E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                                          • API String ID: 689400697-3116451197
                                                          • Opcode ID: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction ID: c8bc451756e359d873216dd3174bf3d10a261ecf92130a7143e706e3fa979e5b
                                                          • Opcode Fuzzy Hash: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction Fuzzy Hash: B811C6793C03417BE6765A2BAC07F2B3E9CF7A1B60F44416AFA00AA1E1D971E9508264
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453B54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                                          • API String ID: 689400697-1791514552
                                                          • Opcode ID: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction ID: 3b09d724780f055be0a40d91730d2081f723d5589ec4e32fc032937c991763ff
                                                          • Opcode Fuzzy Hash: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction Fuzzy Hash: F711CA753803417BE7665A5BAC07E2B3E5CFBA1B60F40409AFA00AE1E2DD61DA1087B4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453C0E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                                          • API String ID: 689400697-4242683877
                                                          • Opcode ID: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction ID: 77a0f5b43b68ccf1a1e3443b0254332dd7c20a21a5168e49415e5d1e66dd47f0
                                                          • Opcode Fuzzy Hash: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction Fuzzy Hash: 27118A663803417BE6665A1BAC46E6B3F5CF7A1B60F44405EFE00AA1F2D961DA518260
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454241
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                                          • API String ID: 689400697-954186549
                                                          • Opcode ID: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction ID: ef133af83475c277facec5d01af2c06b80cd73c6a227d6769444818373351191
                                                          • Opcode Fuzzy Hash: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction Fuzzy Hash: 7811E3653843417BF625571BBC06E2B3B9CF7A1AA0F04005EBE00AE1E2E9A19A908660
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D65CB
                                                          Strings
                                                          • com.freerdp.codec, xrefs: 014D660B
                                                          • yuv_process_work_callback, xrefs: 014D662E
                                                          • error when decoding lines, xrefs: 014D6629
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 014D6633
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: primitives_get
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                                          • API String ID: 2017034601-2620645302
                                                          • Opcode ID: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction ID: d3521c6faee46dec4b8cc3d53f6cfa67f20cc7ed8a2cc5b1f381d88f6f2d11bf
                                                          • Opcode Fuzzy Hash: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction Fuzzy Hash: 190196B1A40306AFEB18DF59DC11F5ABBA8FF18614F00415EFA08DA391E775E5408B98
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %zd;NAME=%s%zd;PASS=%s
                                                          • API String ID: 4218353326-3114484625
                                                          • Opcode ID: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction ID: 811317e2f5102232e465694c0a4cc7b0c021710ccf1800947d909e5ffc3fad6c
                                                          • Opcode Fuzzy Hash: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction Fuzzy Hash: 94016975E00208BFDF14AFE9CD82ADD7BB4EF24204F00886FEE099A321E6759651DB51
                                                          APIs
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429F06
                                                          • region16_extents.GETSCREEN-456311346-X86(?,?), ref: 01429F12
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?,?,?), ref: 01429F1D
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?), ref: 01429F7D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: region16_extentsregion16_n_rects
                                                          • String ID:
                                                          • API String ID: 2062899502-0
                                                          • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction ID: 57583f0ac1c11f94375199a52b830c45b984012192a16bfdfc0873ba48904430
                                                          • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction Fuzzy Hash: 4D510975D0012A9BCB14DF9AC8408BEF7F5FF18750B55816AE859E7360E334AE80CBA4
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: _strncpy
                                                          • String ID:
                                                          • API String ID: 2961919466-0
                                                          • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction ID: bd75df41f64d6d37e0f2746945accb1275dea98b467ebac838425d25c7f9ba9e
                                                          • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction Fuzzy Hash: 2C1166B9400707BEDB319E65D844B93FBBCEF24208F04492BE59947A21F335A559C7B1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48E6A
                                                          • GetLastError.KERNEL32 ref: 00E48E7F
                                                          • TlsGetValue.KERNEL32 ref: 00E48E8D
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48E96
                                                          • TlsAlloc.KERNEL32 ref: 00E48EC3
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: ErrorLastOnce$AllocExecuteInitValue
                                                          • String ID:
                                                          • API String ID: 2822033501-0
                                                          • Opcode ID: 243f34271b8d83755ff18124d69411a36997f96786ab40f78724c4de45c0276c
                                                          • Instruction ID: 12cf3be7a108dea2ea98ebd1efe76e5261904a6afa32a459dcd93c37812268e2
                                                          • Opcode Fuzzy Hash: 243f34271b8d83755ff18124d69411a36997f96786ab40f78724c4de45c0276c
                                                          • Instruction Fuzzy Hash: 8A01D675600208AFCB209FB5FD48A6E7BB8FB49724F44522AF815E7254EB309950CB60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                                          • API String ID: 4218353326-3992632484
                                                          • Opcode ID: 7629a106f86705fe7ddce6dac267f68f724fac2ab8d32dc3095cadec079eaa1a
                                                          • Instruction ID: 2d735040daabfdba5fa7255f694f662cfa0d11e4719cda37b2ae479139e91d63
                                                          • Opcode Fuzzy Hash: 7629a106f86705fe7ddce6dac267f68f724fac2ab8d32dc3095cadec079eaa1a
                                                          • Instruction Fuzzy Hash: DD416572F0036617EB285A11EC45BBA7328BBE5348F585239ED44F6281EB708A45C2D2
                                                          APIs
                                                          • audio_format_print.GETSCREEN-456311346-X86(?,?,?), ref: 014D4A72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: audio_format_print
                                                          • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                                          • API String ID: 2744001552-3527835062
                                                          • Opcode ID: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction ID: 85c388d00a52159265b6a4502500ad0534b996baa0bc40fd6380bd28806934e5
                                                          • Opcode Fuzzy Hash: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction Fuzzy Hash: 12110A7274031737EE15AE5B5C45FBF2B9CBF71A60F44000FF91476690E6B5D60182A6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: audin$rdpsnd
                                                          • API String ID: 0-930729200
                                                          • Opcode ID: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction ID: 16112ad4c557c6162b71869dd7edc0329d68ead6feb3d61a3084642416ff1639
                                                          • Opcode Fuzzy Hash: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction Fuzzy Hash: 51119031A00A56AFFB25CF79C88069BF7A4BB04B42F14822FE15856250D7706591CBD1
                                                          APIs
                                                          • _strlen.LIBCMT ref: 0140403A
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01404060
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01404076
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreatePointer_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 4211031630-2916857029
                                                          • Opcode ID: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction ID: beccf4959724a546bf87bcd6c2e1356ebf50b84683777d6b698eb897f7b34dd5
                                                          • Opcode Fuzzy Hash: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction Fuzzy Hash: 4001A235201120BBDB212A67DC4EEA77F69EF46774F188169FA189D0E2D732C812D7B0
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?), ref: 014D4737
                                                          Strings
                                                          • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 014D473E
                                                          • audio_format_print, xrefs: 014D4743
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 014D4748
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string
                                                          • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                                          • API String ID: 2866491501-3564663344
                                                          • Opcode ID: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction ID: 161ee4494b94c1e77d5c3c3900d8dc17b310c824fac2691c47a341085ddaf7c1
                                                          • Opcode Fuzzy Hash: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction Fuzzy Hash: 94F090B5140309BAEB041F42CC05E3637AEFB28A14F24804EFD5C9C0A1E67BD9A2E320
                                                          APIs
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?), ref: 013C2725
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 013C2745
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2734
                                                          • freerdp_abort_connect, xrefs: 013C2739
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                                          • API String ID: 3690923134-629580617
                                                          • Opcode ID: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction ID: c0b16ded859ca7d7ce3d73cc53bf3acae8a7141d436e2b5c118c4185798bf7b9
                                                          • Opcode Fuzzy Hash: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction Fuzzy Hash: 70E04835240215EEEA317D29EC42B56B794BF10F98F14442DE5C47A452E7615D509780
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D633F
                                                          • primitives_flags.GETSCREEN-456311346-X86(00000000), ref: 014D6353
                                                          • TpWaitForWork.NTDLL(00000000,00000000), ref: 014D64A9
                                                          • TpReleaseWork.NTDLL(00000000), ref: 014D64B2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                                          • String ID:
                                                          • API String ID: 704174238-0
                                                          • Opcode ID: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction ID: d8b8e72589722bc6c0b0ae1b2c459890f7e5656f7506fcf5d3af664fbbc2dcaf
                                                          • Opcode Fuzzy Hash: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction Fuzzy Hash: 196149B5A0020ADFCB04CF68C9919AEBBF5FF58310B15816AE919EB360D730E951CF90
                                                          APIs
                                                          • gdi_SetRgn.GETSCREEN-456311346-X86(?,?,?,?,00000000,00000001,?,?), ref: 0142C324
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_
                                                          • String ID:
                                                          • API String ID: 2273374161-0
                                                          • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction ID: 55e7c15743db970b6f1594ef9ca06db43b769c35a2014fd0f1afc2cf39ee8575
                                                          • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction Fuzzy Hash: F331ED71900219EFDB10DF99C98499EBBF9FF58210F54846AE905E7220D335EA85CFA0
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01455C16
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C34
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C54
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C9A
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$Leave$Enter
                                                          • String ID:
                                                          • API String ID: 2978645861-0
                                                          • Opcode ID: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction ID: c0cb211ec5c19cbb94f36a38594878d4d6824cf48030376a1d3a49bec5ffb886
                                                          • Opcode Fuzzy Hash: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction Fuzzy Hash: F021AF31500605EFDB228F18C984A7A7BF4FF45361F15466EE982EB362D770B941CB50
                                                          APIs
                                                            • Part of subcall function 014BF42C: GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                            • Part of subcall function 014BF42C: SetLastError.KERNEL32(00000000,00000006), ref: 014BF623
                                                          • CloseHandle.KERNEL32(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB711
                                                          • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB727
                                                          • RtlExitUserThread.NTDLL(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB730
                                                          • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 014AB76E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                                          • String ID:
                                                          • API String ID: 1062721995-0
                                                          • Opcode ID: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction ID: 24bcf1241f73a6f9d5c3834d3ec05c3beb032fd50a4cbaa5a261546cbe44cd27
                                                          • Opcode Fuzzy Hash: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction Fuzzy Hash: 3311D6B5500214BBD7209B6ADC04E9B7FE8DFA0760F59412AFA19CB3B1DB70D905C7A0
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,00000000), ref: 01429BDC
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429BEC
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429BF7
                                                            • Part of subcall function 014297FD: rectangles_intersection.GETSCREEN-456311346-X86(?,?,?), ref: 0142980C
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429C1A
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                                          • String ID:
                                                          • API String ID: 3854534691-0
                                                          • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction ID: 773cd055153f210c908286622c1653d18028a9ee15c7d73233f819f5d7e4e4ae
                                                          • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction Fuzzy Hash: F501C83351423959AB359A5BD48067BE7DCDF50578F94401FE91897160E735ECC1C1A8
                                                          APIs
                                                          • freerdp_new.GETSCREEN-456311346-X86 ref: 01441F56
                                                          • freerdp_context_new.GETSCREEN-456311346-X86(00000000,00000000,?,?), ref: 01441FA4
                                                          • freerdp_register_addin_provider.GETSCREEN-456311346-X86(?,00000000), ref: 01441FC7
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                                          • String ID:
                                                          • API String ID: 3731710698-0
                                                          • Opcode ID: 08274451eca7c746d51be73bad34e30589af24fbdf3b3d40b8a38c2f5ee396b0
                                                          • Instruction ID: 5c725d1c3c3cafbb9f6b61a652bf36691b517c4804df82ada2ffced74ca21d3e
                                                          • Opcode Fuzzy Hash: 08274451eca7c746d51be73bad34e30589af24fbdf3b3d40b8a38c2f5ee396b0
                                                          • Instruction Fuzzy Hash: 2D11A331604B036BF725AF6AD810B97BBA9BFB0A20F10441FE55987360EB71F491C790
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID:
                                                          • API String ID: 733272558-0
                                                          • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction ID: d390ab688f61d6956ce9ce6f1729c7c2aea98ecec28d58053cbda9b5b36fcda5
                                                          • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction Fuzzy Hash: EBE04F31401B157FCE717B66CD4099BBB99BF38605705041AF54657630C671A8519BF0
                                                          APIs
                                                          • freerdp_settings_free.GETSCREEN-456311346-X86(00000000), ref: 013D7326
                                                            • Part of subcall function 013D7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 013D7FCC
                                                            • Part of subcall function 013D7F9B: freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000680,?), ref: 013D7FFC
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(00000000,00000086,?), ref: 013D6D8C
                                                          Strings
                                                          • C:\Windows\System32\mstscax.dll, xrefs: 013D6F3F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                                          • String ID: C:\Windows\System32\mstscax.dll
                                                          • API String ID: 2334115954-183970058
                                                          • Opcode ID: 6e8571f8a11e5ce580e180c7e569d682c8d5979f882fbd231229c80a1dd4186c
                                                          • Instruction ID: b030047c6548788dc1a4a47491d976e5ff148eebe76f0b33012df90c83632212
                                                          • Opcode Fuzzy Hash: 6e8571f8a11e5ce580e180c7e569d682c8d5979f882fbd231229c80a1dd4186c
                                                          • Instruction Fuzzy Hash: 40E1D8B1504F009EE324DF39D885B93BBE4FF18315F51592EE5AE8B390DBB1A5808B48
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-3916222277
                                                          • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction ID: 05c2b5a8f4b20ddf0fdaa026479162dc29bc881a85a1e13355e10600904ed777
                                                          • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction Fuzzy Hash: 1051D27340015ABBDF02DE94CD50DEB7BAEBF18244F49425AFF1991120E732E5A1ABA1
                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145697B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpin
                                                          • String ID: %s: unknown handler type %u$WLog_Appender_New
                                                          • API String ID: 2593887523-3466059274
                                                          • Opcode ID: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction ID: 976f1f4ccb865136b0407b6e0bc430ac84fc18e5028f865319658ab03eea2c06
                                                          • Opcode Fuzzy Hash: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction Fuzzy Hash: 8E11293254820266A7E2797E9C44DFFAB78AB72931B86001FFD05A6277DA30D50251A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s%s-client.%s$DeviceServiceEntry
                                                          • API String ID: 0-2733899524
                                                          • Opcode ID: 722feb938e4196542e78d67095800f5f2954a104e8b13fb0e2598bbec4ef1c89
                                                          • Instruction ID: 6e5ef91eacafc54b7a4ac56979313972ee4f1b40f7b63b915f39234d23fdb391
                                                          • Opcode Fuzzy Hash: 722feb938e4196542e78d67095800f5f2954a104e8b13fb0e2598bbec4ef1c89
                                                          • Instruction Fuzzy Hash: 96119476A002196BFB109E9DD891AAF7BACEF90E58F04401EFE14D7241D771DD018B90
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0144E987), ref: 0144EBF6
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0144E987), ref: 0144EC1A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILTER
                                                          • API String ID: 1431749950-2006202657
                                                          • Opcode ID: 1410538585b297246eeec047fc2fd4fc8b4e5c51f19380e7725ddd37af6d6753
                                                          • Instruction ID: 287ff849e0c374cc8285728efe15254890b270e8d7ff4a950cbaaea4f808f645
                                                          • Opcode Fuzzy Hash: 1410538585b297246eeec047fc2fd4fc8b4e5c51f19380e7725ddd37af6d6753
                                                          • Instruction Fuzzy Hash: 2EF0F633315215AB623127A6BD58C2F7FADFAB56B8391002FF108DB114EE795C4187A4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: .msrcIncident$.rdp
                                                          • API String ID: 4218353326-1437571178
                                                          • Opcode ID: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction ID: 132b22955483b85170a4ec431e496c3a01689fda3c9ec9b5dee8cdee9c6622f8
                                                          • Opcode Fuzzy Hash: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction Fuzzy Hash: 31F0AC32A00E07ABB92499BADC8182B3344EB11030350072FE43FD32F0DE30D41081E8
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BCC
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BEC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WINPR_NATIVE_SSPI
                                                          • API String ID: 1431749950-1020623567
                                                          • Opcode ID: f3fb7dae3e9bd022f9e2690d7cd0653597de62abe60ecba983e7fb04dd3594c8
                                                          • Instruction ID: 4683b2a50dab0c30a72a937a1a2751a4fe08a81c4556acb0b46c62e34f9b860b
                                                          • Opcode Fuzzy Hash: f3fb7dae3e9bd022f9e2690d7cd0653597de62abe60ecba983e7fb04dd3594c8
                                                          • Instruction Fuzzy Hash: 19F0973329503326E336206A2C04F2F1EB8DBE6E20B1A012FFA01DF196E930888341E0
                                                          APIs
                                                          • rfx_context_new.GETSCREEN-456311346-X86(?), ref: 0141A2ED
                                                            • Part of subcall function 0140E4DD: GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                            • Part of subcall function 0140E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                            • Part of subcall function 0140E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • progressive_context_free.GETSCREEN-456311346-X86(00000000), ref: 0141A36D
                                                          Strings
                                                          • com.freerdp.codec.progressive, xrefs: 0141A2CA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                                          • String ID: com.freerdp.codec.progressive
                                                          • API String ID: 2699998398-3622116780
                                                          • Opcode ID: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction ID: 011b772be4558eeb78f6c842d0979b5e4d7887e4e5768a2242a64eedf6ab6b74
                                                          • Opcode Fuzzy Hash: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction Fuzzy Hash: 4CF0E03290574716F320ABB79800F5B7BD8DF62A70F24002FF608AB690D97090018261
                                                          APIs
                                                          • freerdp_settings_get_key_for_name.GETSCREEN-456311346-X86(?), ref: 01401EEF
                                                          • freerdp_settings_get_type_for_key.GETSCREEN-456311346-X86(00000000), ref: 01401F51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                                          • String ID: TRUE
                                                          • API String ID: 1888880752-3412697401
                                                          • Opcode ID: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction ID: 56f00d5761294fbc7d62868ca37dee162e912d5387d95042310b29607255ae24
                                                          • Opcode Fuzzy Hash: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction Fuzzy Hash: 26E0E5323102156F9A13AAAFDC85D9B365CEB65EA5B01003FF604AB2A0EBB1D90046A0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: a7f93030e22c0139bc70208f413b31f40e6f69431d61ca3291a6327cee22cdeb
                                                          • Instruction ID: 985bc315e6438b40f04672239e98dcdd7e441675662f96ec3f4b2644ac354f36
                                                          • Opcode Fuzzy Hash: a7f93030e22c0139bc70208f413b31f40e6f69431d61ca3291a6327cee22cdeb
                                                          • Instruction Fuzzy Hash: C6F0E2B140020A7BDB212FA78C80D9B7B5CFF34264B45002AFD0856331E736D921D6E0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: 14341e24cf2bbc65fb4cdb9880f5bdc5f5cb184c4ac6b39a48631db8ce15f932
                                                          • Instruction ID: a89c5ab91ae47667e79c2886accbb2ad6d7ba96d9c2fa98e2c65cfda3f62e961
                                                          • Opcode Fuzzy Hash: 14341e24cf2bbc65fb4cdb9880f5bdc5f5cb184c4ac6b39a48631db8ce15f932
                                                          • Instruction Fuzzy Hash: 8AF0BEB140020A7BDB216EA68D80D9B3A9DEF34254B46013AFD0452331E635D82196E0
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01457163), ref: 01457190
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01457163), ref: 014571B1
                                                            • Part of subcall function 01457310: LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                            • Part of subcall function 01457310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                                          • String ID: WTSAPI_LIBRARY
                                                          • API String ID: 3590464466-1122459656
                                                          • Opcode ID: 29253c80c7a63fac7543bc6cbb9bc963bc1bab6bc743b6dcdead463492534c94
                                                          • Instruction ID: 619c6b60c873ef31a8003b60a6ff83a1cfd59231369cb5b06cb2f3d5fa843b1f
                                                          • Opcode Fuzzy Hash: 29253c80c7a63fac7543bc6cbb9bc963bc1bab6bc743b6dcdead463492534c94
                                                          • Instruction Fuzzy Hash: 8BE0EC3114112325D33221596C09F5F3F1D9BD1A7AF90002EF8009E3969A3014018195
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                          • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitWtsApi
                                                          • API String ID: 2574300362-3428673357
                                                          • Opcode ID: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction ID: 22224ac01f62bdb0634ecf00f62373b57a2702e67cd2deb54750fd4c0b426045
                                                          • Opcode Fuzzy Hash: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction Fuzzy Hash: 07D02B316903059B9F159FF6EC0A4173FDDE7805613088432AC1CC5253EF30D010C760
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,014AB650,01600388,0000000C), ref: 014BF430
                                                          • SetLastError.KERNEL32(00000000), ref: 014BF4D2
                                                          • GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                          • SetLastError.KERNEL32(00000000,00000006), ref: 014BF623
                                                            • Part of subcall function 014BF066: HeapFree.KERNEL32(00000000,00000000,?,014A5F2D,?,?,?,0144FA9A,?,?,?,?,?,013C293F,?,?), ref: 014BF07C
                                                            • Part of subcall function 014BF066: GetLastError.KERNEL32(?,?,014A5F2D,?,?,?,0144FA9A,?,?,?,?,?,013C293F,?,?), ref: 014BF087
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.4100600238.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$FreeHeap
                                                          • String ID:
                                                          • API String ID: 3197834085-0
                                                          • Opcode ID: b21d70339e5884cec6742d5e2f5286c4ef955fcb22b1ba8d786390f09fb51398
                                                          • Instruction ID: 1a9b517fead17e46c23e020368a9b6a55bd52463269dbd80160fa847c1e7dab0
                                                          • Opcode Fuzzy Hash: b21d70339e5884cec6742d5e2f5286c4ef955fcb22b1ba8d786390f09fb51398
                                                          • Instruction Fuzzy Hash: 0A412D796053126ED7213A7DACC4DAB364C9F75A71B19023BF618D62F2DF38891A8230

                                                          Execution Graph

                                                          Execution Coverage:0.5%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:77
                                                          Total number of Limit Nodes:6

                                                          Control-flow Graph

                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?), ref: 02372B13
                                                          • GetProcAddress.KERNELBASE(?,0234CFF9), ref: 02372B31
                                                          • ExitProcess.KERNEL32(?,0234CFF9), ref: 02372B42
                                                          • VirtualProtect.KERNELBASE(00C20000,00001000,00000004,?,00000000), ref: 02372B90
                                                          • VirtualProtect.KERNELBASE(00C20000,00001000), ref: 02372BA5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.000000000234D000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                          • String ID:
                                                          • API String ID: 1996367037-0
                                                          • Opcode ID: 1c0f85d85b7734dfef3716ba3960595539bc54cf78a43878c96421e5da1c8c5e
                                                          • Instruction ID: 63b43704d6d469a16aefc54578160a4e77f09f852453415be97f2c45f84783e7
                                                          • Opcode Fuzzy Hash: 1c0f85d85b7734dfef3716ba3960595539bc54cf78a43878c96421e5da1c8c5e
                                                          • Instruction Fuzzy Hash: 1A5118726107525BEF708EB8CCC0766B7A5EB452247180739DDE2D73C6EBA85906C760

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 012FF42C: GetLastError.KERNEL32(00000000,?,012E5FDD,012FF0E3,?,?,0128F77A,0000000C,?,?,?,?,012027D2,?,?,?), ref: 012FF581
                                                            • Part of subcall function 012FF42C: SetLastError.KERNEL32(00000000,00000006), ref: 012FF623
                                                          • CloseHandle.KERNEL32(?,?,?,012EB817,?,?,012EB689,00000000), ref: 012EB711
                                                          • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,012EB817,?,?,012EB689,00000000), ref: 012EB727
                                                          • RtlExitUserThread.NTDLL(?,?,?,012EB817,?,?,012EB689,00000000), ref: 012EB730
                                                          • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 012EB76E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                                          • String ID:
                                                          • API String ID: 1062721995-0
                                                          • Opcode ID: 7bf2ea36b5c262401fffb61bc1e1c924e60c3f07749e821b3605587b9bca0f7a
                                                          • Instruction ID: 1bbf1abb856bc467db8b43a98e9351d24a9941b3794e8c4df3a20772eddbe6af
                                                          • Opcode Fuzzy Hash: 7bf2ea36b5c262401fffb61bc1e1c924e60c3f07749e821b3605587b9bca0f7a
                                                          • Instruction Fuzzy Hash: E111B4B3910205ABD7349F69DC08A6BBFE8DF80760F184119FB1997694DB30D901C7A0

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(01440388,0000000C), ref: 012EB63E
                                                          • RtlExitUserThread.NTDLL(00000000), ref: 012EB645
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitLastThreadUser
                                                          • String ID:
                                                          • API String ID: 1750398979-0
                                                          • Opcode ID: 8013228016b88e01ab26e78ad1a91a6eabf92c8c47d99c4acd233cc92074dfee
                                                          • Instruction ID: f50c455008f481d0e8397a165b25d8b6084d89aa2a66d7a392c5adee1d7093b2
                                                          • Opcode Fuzzy Hash: 8013228016b88e01ab26e78ad1a91a6eabf92c8c47d99c4acd233cc92074dfee
                                                          • Instruction Fuzzy Hash: 98F0CD71A10206AFEB21BFB4D809A6E7BB9EF00310F20015DE601AB291CB30A951CFA5
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012942FB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                                          • API String ID: 689400697-3301108232
                                                          • Opcode ID: b6e2eb1d8c3858fa78018f7a5c14a2a1230e1e21e8f0cbf5610c471de939c6b6
                                                          • Instruction ID: 02d40487041949bf1fd4a24f0eac833dfaf6004adc7584334ad4dde4200cdd8b
                                                          • Opcode Fuzzy Hash: b6e2eb1d8c3858fa78018f7a5c14a2a1230e1e21e8f0cbf5610c471de939c6b6
                                                          • Instruction Fuzzy Hash: F9112B393913467BEF253A5BED07E2B3EACE794A14F000058F714991D0DAA1CA11DBE4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012943BE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                                          • API String ID: 689400697-3976766517
                                                          • Opcode ID: 142b2c7a4ebdc9286d2a9e8a6399e4405d94071fd0345c2ed9bee3d9217825bf
                                                          • Instruction ID: da68a77f769f52e5af490799ef85a7631a30259719e99c5f7cfe8fad81d99a6a
                                                          • Opcode Fuzzy Hash: 142b2c7a4ebdc9286d2a9e8a6399e4405d94071fd0345c2ed9bee3d9217825bf
                                                          • Instruction Fuzzy Hash: 20112B393903427FEF217E5AED07F673EACEB94A14F000098FA04991D0DAA1CA119BA0
                                                          APIs
                                                          • crypto_cert_fingerprint.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01235E1C
                                                            • Part of subcall function 0123576E: crypto_cert_fingerprint_by_hash.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,sha256), ref: 01235779
                                                          • crypto_cert_issuer.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01235E30
                                                          • crypto_cert_subject.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 01235E3A
                                                          • certificate_data_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,00000000,00000000,00000000,?,?), ref: 01235E4A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                                          • String ID:
                                                          • API String ID: 1865246629-0
                                                          • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction ID: a83bb0ec187df6f9b2631d883300d111f28c69ac7ef223c5bfbb180b1170d1b6
                                                          • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction Fuzzy Hash: ADE0DFB502020ABF8F162F29CC04CAF3EEEEFC16E0B048124BD0C56120EB31CD1096B0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 631 1297449-129745b LoadLibraryA 632 129745d 631->632 633 129745e-12978e4 GetProcAddress * 63 call 12a001b 631->633
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,01297168), ref: 0129744E
                                                          • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0129746B
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0129747D
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0129748F
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 012974A1
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 012974B3
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 012974C5
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 012974D7
                                                          • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 012974E9
                                                          • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 012974FB
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0129750D
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0129751F
                                                          • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01297531
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01297543
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01297555
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01297567
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01297579
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0129758B
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0129759D
                                                          • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 012975AF
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 012975C1
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 012975D3
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 012975E5
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 012975F7
                                                          • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01297609
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                                          • API String ID: 2238633743-2998606599
                                                          • Opcode ID: 55d75dac03c2ab605765cade0e4a5aaca85e1a7a5b54ecf097bc8bc23450f69a
                                                          • Instruction ID: 8f7291370dcd474aa91523dbba81c43c155c7792191413ca4b76a0cbadc12194
                                                          • Opcode Fuzzy Hash: 55d75dac03c2ab605765cade0e4a5aaca85e1a7a5b54ecf097bc8bc23450f69a
                                                          • Instruction Fuzzy Hash: 70B110BCD80365ABCB31AF72AC4E9463EA3E70C67C702685AE8245E359D7754058FF90

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 738 12814e3-12814fb 739 12816dd 738->739 740 1281501-1281509 738->740 742 12816df-12816e3 739->742 740->739 741 128150f-1281523 freerdp_error_info 740->741 743 1281529-128152f 741->743 744 12816e4-12816f0 741->744 743->739 745 1281535-128153c 743->745 746 12816fe-128170a call 128e9a3 744->746 747 12816f2-12816f9 call 128e717 744->747 750 128154e-128155a call 128e9a3 745->750 751 128153e-1281549 call 128e717 745->751 756 128158e-1281595 746->756 757 1281710-1281736 call 128ed82 746->757 747->746 762 1281589 750->762 763 128155c-1281586 freerdp_get_error_info_string call 128ed82 750->763 751->750 756->739 760 128159b-12815a3 756->760 757->756 764 12815b3-12815ba 760->764 765 12815a5-12815ad 760->765 762->756 763->762 768 12815c8-12815d4 call 128e9a3 764->768 769 12815bc-12815c3 call 128e717 764->769 765->739 765->764 775 1281600-1281609 freerdp_reconnect 768->775 776 12815d6-12815fd call 128ed82 768->776 769->768 778 128173b-128173e 775->778 779 128160f-128161c freerdp_get_last_error 775->779 776->775 778->742 780 128166b 779->780 781 128161e-1281625 779->781 785 128166d-1281671 780->785 783 1281633-128163f call 128e9a3 781->783 784 1281627-128162e call 128e717 781->784 794 1281641-1281664 call 128ed82 783->794 795 1281667 783->795 784->783 788 128167c-1281688 Sleep 785->788 789 1281673-128167a 785->789 788->785 790 128168a-128168e 788->790 789->739 789->788 790->760 793 1281694-128169b 790->793 797 12816a9-12816b5 call 128e9a3 793->797 798 128169d-12816a4 call 128e717 793->798 794->795 795->780 797->739 805 12816b7-12816da call 128ed82 797->805 798->797 805->739
                                                          APIs
                                                          • freerdp_error_info.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,012814DF,?,00000000), ref: 01281519
                                                          • freerdp_get_error_info_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,?,?,?,?,?,?,012814DF,?,00000000), ref: 0128155D
                                                          • freerdp_reconnect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,012814DF,?,00000000), ref: 01281601
                                                          • freerdp_get_last_error.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,012814DF,?,00000000), ref: 01281611
                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,012814DF,?,00000000), ref: 0128167E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                                          • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                                          • API String ID: 968149013-2963753137
                                                          • Opcode ID: d5ba89a0f148eb17124710296afde22db8d8ead4414453816cc81e0c929d97fa
                                                          • Instruction ID: a1eb6527141f38c1c422fc8453bde0d509c203e8eaaa7fd57d0fcfa99c1eb2bd
                                                          • Opcode Fuzzy Hash: d5ba89a0f148eb17124710296afde22db8d8ead4414453816cc81e0c929d97fa
                                                          • Instruction Fuzzy Hash: 3C514A727613137FFB217A2AFC82F7A3AA89B11B1CF190029F750FE1C5DAB095964610

                                                          Control-flow Graph

                                                          APIs
                                                          • gdi_get_pixel_format.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,0124A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0124A8B3
                                                          • gdi_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,0124A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0124AA40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: gdi_freegdi_get_pixel_format
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                                          • API String ID: 1251975138-534786182
                                                          • Opcode ID: 2664a65bd068071f36e4fce49d2143d1799f77d8b5a50f97b7f67725917cc492
                                                          • Instruction ID: 1634e11bd23ac1b4a0286a65cff4c593f3e865cbfe378448c1e5479f6f6f85fb
                                                          • Opcode Fuzzy Hash: 2664a65bd068071f36e4fce49d2143d1799f77d8b5a50f97b7f67725917cc492
                                                          • Instruction Fuzzy Hash: 4341D575260703AFDB18FF38DC41B6A7BB5FF14214F14842DEA599B291EF71A8508B50

                                                          APIs
                                                          • freerdp_device_collection_add.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 01286D79
                                                          • _strlen.LIBCMT ref: 01286DF4
                                                          • freerdp_device_collection_add.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000), ref: 01286E1D
                                                          • freerdp_device_collection_add.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000), ref: 01286F6F
                                                          • freerdp_device_collection_add.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000), ref: 01287044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_device_collection_add$_strlen
                                                          • String ID: drive$parallel$printer$serial$smartcard
                                                          • API String ID: 2230162058-807955808
                                                          • Opcode ID: 49567125c0af443da720ccbdb989a498bb0e080e76f999a428d0a35fc045e3bb
                                                          • Instruction ID: bdabb504b280d647602cfefd5da9134850e8c08292143e0642670a79efc31b9a
                                                          • Opcode Fuzzy Hash: 49567125c0af443da720ccbdb989a498bb0e080e76f999a428d0a35fc045e3bb
                                                          • Instruction Fuzzy Hash: 6BB104365352079FDF19BF18C84496E7BE1FF05318B14806AE9089F292EF72D9518F90

                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01210F64
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01210F79
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                                          • API String ID: 3168844106-1571615648
                                                          • Opcode ID: d15e6e7ccac0abbf43371607f1de167ca77cbe51d2aafd340cef7b145e7603d6
                                                          • Instruction ID: 8bdda6b0c875c38b7877a1932eb9dd6f5283fe8cecd2b8065963a32c88a03a48
                                                          • Opcode Fuzzy Hash: d15e6e7ccac0abbf43371607f1de167ca77cbe51d2aafd340cef7b145e7603d6
                                                          • Instruction Fuzzy Hash: 7341D971A54306AFD714EF69EC42B5A77E4EB18B18F11401DF624FB284DBB0A9448B58

                                                          APIs
                                                          • _strlen.LIBCMT ref: 012442FA
                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01244320
                                                          • GetFileSize.KERNEL32(00000000,?), ref: 0124433A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: File$CreateSize_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 2645226956-2916857029
                                                          • Opcode ID: 3189b21057ee73a315e28c801193407bb50a7315ac5511bd1b92bdb8d6e303d6
                                                          • Instruction ID: cfd42407339e707e1c97e40a90f704526824df8f66ec06990eac37b87aa1c1a4
                                                          • Opcode Fuzzy Hash: 3189b21057ee73a315e28c801193407bb50a7315ac5511bd1b92bdb8d6e303d6
                                                          • Instruction Fuzzy Hash: AB5157B5910256AFEF15AFB4EC45BBF7BFCEF15624F104129FA01E6140EB7099008BA4

                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01210D92
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01210DB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                                          • API String ID: 3168844106-4217659166
                                                          • Opcode ID: 22f903c1bd2140e0fd6e65dcc2fafa19681ab02469bfb9e21354dab12f2d1b8a
                                                          • Instruction ID: 03b3c4e8c190d93eab59e556d4da38d37d402969bdb9af7fef10d2f319b6538a
                                                          • Opcode Fuzzy Hash: 22f903c1bd2140e0fd6e65dcc2fafa19681ab02469bfb9e21354dab12f2d1b8a
                                                          • Instruction Fuzzy Hash: A851D771A50306AFD724EF69EC46F5E77E4EF14B18F11401DFA14AB284DBB0A940CB58
                                                          APIs
                                                          Strings
                                                          • YUV buffer not initialized! check your decoder settings, xrefs: 01315F1A
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 01315F24
                                                          • avc444_ensure_buffer, xrefs: 01315F1F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                                          • API String ID: 733272558-18228272
                                                          • Opcode ID: 2bf9da6154b46930d901b1e0427dae821cbcf7f2d2e955467ff47334ed173ec4
                                                          • Instruction ID: 14e5a76a04c37d86111a13ff41c51185329afebb46447dda88b624b8019fba05
                                                          • Opcode Fuzzy Hash: 2bf9da6154b46930d901b1e0427dae821cbcf7f2d2e955467ff47334ed173ec4
                                                          • Instruction Fuzzy Hash: E741E771650306EFDB249F29CC81A66BBE5FF55318F14883DE68ACB660D3B1E858CB40
                                                          APIs
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000400,00000001), ref: 01313B87
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000401,00000000), ref: 01313BB7
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000404,?), ref: 01313BDB
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000402,00000000), ref: 01313BFA
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000014,?), ref: 01313C12
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000006C1,?), ref: 01313C2B
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000403,?), ref: 01313C44
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000015,00000000), ref: 01313C60
                                                          • freerdp_settings_set_uint32.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000013,?), ref: 01313C82
                                                          • freerdp_target_net_addresses_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01313C93
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          • Associated: 00000002.00000002.1657538147.0000000000C20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.00000000013A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.000000000144B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.000000000145E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.000000000146F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.00000000014BC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.0000000001558000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.000000000173C000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.0000000001741000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.0000000002143000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.00000000022AA000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1657553180.000000000234D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                          • Associated: 00000002.00000002.1658703742.0000000002373000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                                          • String ID:
                                                          • API String ID: 949014189-0
                                                          • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                                          • Instruction ID: 8b49653ca95ce3a53f531a8953e4fbc0d833c40144c1bfb632ee2462da3fbf89
                                                          • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                                          • Instruction Fuzzy Hash: EC41F771600B16BBF7295F38DC44FAA7BE5BF09328F440024EB0596595EB72F060CB94
                                                          APIs
                                                            • Part of subcall function 01295CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,012C1701,00000001), ref: 01295CF9
                                                          • zgfx_context_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 012C1874
                                                            • Part of subcall function 0131693A: zgfx_context_reset.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000,00000000,?,012C1879,00000000), ref: 01316964
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                                          • API String ID: 3732774510-3243565116
                                                          • Opcode ID: 791baa1a6cb6b4050ab0a053e15c9f458f72150c3fd87ff4200ee0d3079be083
                                                          • Instruction ID: f8c82e3e459f77909a60589ce2bc228f7c5479199515147f2d9f85cf00602185
                                                          • Opcode Fuzzy Hash: 791baa1a6cb6b4050ab0a053e15c9f458f72150c3fd87ff4200ee0d3079be083
                                                          • Instruction Fuzzy Hash: 6D7109706A4703AFE325AB2A9C42B6677D4FF15B24F10062EF7199B6C1DBB0E4108B94
                                                          APIs
                                                            • Part of subcall function 01296B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0124E59B,00000001,00006060,00000010), ref: 01296B3E
                                                          • GetVersionExA.KERNEL32(?), ref: 0124E5CD
                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 0124E5E7
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0124E612
                                                          • primitives_get.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE ref: 0124E6DC
                                                          • CreateThreadpool.KERNEL32(00000000), ref: 0124E6E2
                                                          Strings
                                                          • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0124E605
                                                          • com.freerdp.codec.rfx, xrefs: 0124E530
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                                          • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                                          • API String ID: 3882483829-2530424157
                                                          • Opcode ID: 751cdeb2dddaaffd7908223c339a1f295c85708888f6090c57315a32dee0aa7a
                                                          • Instruction ID: 7d6f1802747f39673ef5290b6f478f210df1411efa808a8baaeb04ee34c23718
                                                          • Opcode Fuzzy Hash: 751cdeb2dddaaffd7908223c339a1f295c85708888f6090c57315a32dee0aa7a
                                                          • Instruction Fuzzy Hash: B341C1B1A20706AFEB28EF79D885B66BBF8FF04214F10442DE60996241EB74E954CF50
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0128E8B2
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0128E8D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                                          • API String ID: 1431749950-225596728
                                                          • Opcode ID: 1ade18af0ed67db4342436d51aaa6b0f7a663014b9c0c89bf39499d826be0558
                                                          • Instruction ID: 7f935086eb4d4911055a9e8e16e44237bfea2e4a71b5b865fd57bf8551d5d96a
                                                          • Opcode Fuzzy Hash: 1ade18af0ed67db4342436d51aaa6b0f7a663014b9c0c89bf39499d826be0558
                                                          • Instruction Fuzzy Hash: EC212B762753633AF664326A6C8FE3F2BDDCB62538B92002EF514A50C1EED094414671
                                                          APIs
                                                          • freerdp_set_last_error_ex.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 012148D9
                                                          • freerdp_set_last_error_ex.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 0121498F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_set_last_error_ex
                                                          • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                                          • API String ID: 270715978-29603548
                                                          • Opcode ID: f676d9bcb19e017068e691be3c0e3bca403c3ca44c9f8b7df0c980ccdc2deca3
                                                          • Instruction ID: f2716c792508e8e301b2c1536b1020e5906dd1021b00e982697ead6831981b88
                                                          • Opcode Fuzzy Hash: f676d9bcb19e017068e691be3c0e3bca403c3ca44c9f8b7df0c980ccdc2deca3
                                                          • Instruction Fuzzy Hash: AC213E71A50306BAD710BE59DC42FEB7BA8AB25F28F000059FF186A2C5E7F05540CBB4
                                                          APIs
                                                          • audio_format_get_tag_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,?,?,01315425,?,?,?,?,00000000,?), ref: 013158FA
                                                          • audio_format_get_tag_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000001,00000000,?,?,01315425,?,?,?,?,00000000,?), ref: 01315902
                                                          • audio_format_compatible.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(01315425,?,?,?,?,01315425,?,?,?,?,00000000,?), ref: 0131594D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string$audio_format_compatible
                                                          • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                                          • API String ID: 204136587-155179076
                                                          • Opcode ID: 707c8e19582094728ebaee80cefe21bb52f3e31bdcf78c4a3f19e1411979b2d9
                                                          • Instruction ID: a3f03817b0f132d9734bca1eac15bb1c97734b4f26bc15bfe26ea2519057cdda
                                                          • Opcode Fuzzy Hash: 707c8e19582094728ebaee80cefe21bb52f3e31bdcf78c4a3f19e1411979b2d9
                                                          • Instruction Fuzzy Hash: D52122B1354302A9F7186F79BC42F76379C9B9162CF21041BFA14EE1C4F5A498844369
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(secur32.dll,?,01294AEC), ref: 01294B18
                                                          • LoadLibraryA.KERNEL32(security.dll,?,01294AEC), ref: 01294B28
                                                          • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01294B42
                                                          • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01294B51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                                          • API String ID: 2574300362-4081094439
                                                          • Opcode ID: 1d03fbd6958b083eb3c2aaaf2213d14e989904ab7d6459740ec3152638e9d6e7
                                                          • Instruction ID: 82d922cd21d4cf95b59736c3d38a36bc2567ac0ce12c677513f2c8e23708d0ac
                                                          • Opcode Fuzzy Hash: 1d03fbd6958b083eb3c2aaaf2213d14e989904ab7d6459740ec3152638e9d6e7
                                                          • Instruction Fuzzy Hash: A8F0B47AD113678BCB35BBBEBC149463AE89B88A1C302006BD914D3208FB70C4054FD0
                                                          APIs
                                                          • ber_read_universal_tag.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000002,00000000), ref: 0122502A
                                                          • ber_read_length.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 0122503F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ber_read_lengthber_read_universal_tag
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                                          • API String ID: 3186670568-2454464461
                                                          • Opcode ID: ef57403879df82758038ae22d6cf7b64985d07152d7f5e3e6da1be7071a356bf
                                                          • Instruction ID: 7119f98b85149506112c84bde0cf086ee94197ff5b47bb901c4500190db0ed34
                                                          • Opcode Fuzzy Hash: ef57403879df82758038ae22d6cf7b64985d07152d7f5e3e6da1be7071a356bf
                                                          • Instruction Fuzzy Hash: EF41ADB17243227BEB318F29CC41BBD37E5AB55624F15C16DE6648B389E278D600CB60
                                                          APIs
                                                          • region16_rects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 01269C6E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: region16_rects
                                                          • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                                          • API String ID: 844131241-2640574824
                                                          • Opcode ID: 244567ebf3d8734c6e8da760cabb97e27faee1d251e0cf826f06ca77c0a0a02d
                                                          • Instruction ID: e67703a868232d27d0945db0822fa8b169cf13d5eaa4dd3858cbba146fc2d8b3
                                                          • Opcode Fuzzy Hash: 244567ebf3d8734c6e8da760cabb97e27faee1d251e0cf826f06ca77c0a0a02d
                                                          • Instruction Fuzzy Hash: B831C7767903027AFB307A5ABC42FB636DC9B25B59F110029FA24E91C4FEB199C09350
                                                          APIs
                                                          • freerdp_set_last_error_ex.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01202C14
                                                          • clearChannelError.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01202C1B
                                                            • Part of subcall function 012026E1: ResetEvent.KERNEL32(?), ref: 0120270A
                                                            • Part of subcall function 01218142: ResetEvent.KERNEL32(?,?,01202C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 0121814E
                                                          Strings
                                                          • freerdp, xrefs: 01203062
                                                          • ConnectionResult, xrefs: 01203077
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01202BFC
                                                          • freerdp_connect, xrefs: 01202C01
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                                          • API String ID: 3632380314-3564821047
                                                          • Opcode ID: 6a97eba6fd782cfba49813ace7c65bc4cfefd5dcce922a935925c085782ab095
                                                          • Instruction ID: 22d6fb7a52cca4dccdb872755423092ca289b4c0c1b17f022c896f64a219d2d8
                                                          • Opcode Fuzzy Hash: 6a97eba6fd782cfba49813ace7c65bc4cfefd5dcce922a935925c085782ab095
                                                          • Instruction Fuzzy Hash: 1531C270610606EFE711DF79D888BEABBE5FF18354F10012AEA04E7292EB719954CB50
                                                          APIs
                                                          • ber_write_universal_tag.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000002,00000000), ref: 01225415
                                                          • ber_write_length.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000001,?,00000002,00000000), ref: 0122541D
                                                          • ber_write_universal_tag.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000002,00000000), ref: 01225440
                                                          • ber_write_length.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000002,?,00000002,00000000), ref: 01225448
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ber_write_lengthber_write_universal_tag
                                                          • String ID:
                                                          • API String ID: 1889070510-0
                                                          • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction ID: b05bdbc060b24bcefa39d55840ecfa929df4d8ce44d56facaf777b425e5c97a7
                                                          • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction Fuzzy Hash: FF210A30221760BFDB125F04DD41BEEB7A5EF21B01F04C459F98A5F682C361AE11CBA1
                                                          APIs
                                                          • glyph_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CB79
                                                          • brush_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CB86
                                                          • pointer_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CB94
                                                          • bitmap_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CBA2
                                                          • offscreen_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CBB0
                                                          • palette_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CBBE
                                                          • nine_grid_cache_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CBCC
                                                          • cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 0122CBDE
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                                          • String ID:
                                                          • API String ID: 2332728789-0
                                                          • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction ID: 741cea71f4fc5e45731fe197b3751093d10c2b965789f8e020b38fa84b86dcbb
                                                          • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction Fuzzy Hash: 17018036568B277AF324AE799840D3F7BE88F53970B14483EE684D6980FF24D011A2B1
                                                          APIs
                                                          • region16_init.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0124F58A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: region16_init
                                                          • String ID:
                                                          • API String ID: 4140821900-0
                                                          • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction ID: bbab6064cf0f04cdff74746f0afcdd049c3e24a0a53b722eb1354d1dada70652
                                                          • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction Fuzzy Hash: 02515AB2D1021A9FDF19DFA9C9809EEBBF9EF48304F04412AF519E7240E7359985CB60
                                                          APIs
                                                          • gdi_CreateCompatibleDC.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000,?,?,?,0124A9C7,00000000,?,?,?,?,?,?,?,?,0124A899), ref: 0124AAE7
                                                          • gdi_CreateCompatibleBitmap.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,00000000,?,?,?,0124A9C7,00000000,?,?,?,?), ref: 0124AB0E
                                                          • gdi_CreateBitmapEx.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,00000000,?,?,?,0124A9C7,00000000,?,?,?,?), ref: 0124AB2A
                                                          • gdi_SelectObject.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 0124AB60
                                                          • gdi_CreateRectRgn.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000,00000000,00000000), ref: 0124ABA5
                                                          • gdi_DeleteObject.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0124AC39
                                                          • gdi_DeleteDC.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0124AC48
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                                          • String ID:
                                                          • API String ID: 412453062-0
                                                          • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction ID: c8675753cebd1fd05dc428e2f61c5a74a4ba41cdb81eb58c90c4988343f77804
                                                          • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction Fuzzy Hash: DB513A792107069FD729DF28C884EA6BBE5FF1C310B0545ADE98A8B761E771E841CF44
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01296939,?,?,?,?,01296A0A,?), ref: 0129EABD
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01296939,?,?,?,?,01296A0A,?,?,00000000), ref: 0129EAE7
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01296939,?,?,?,?,01296A0A,?,?,00000000), ref: 0129EB14
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01296939,?,?,?,?,01296A0A,?,?,00000000), ref: 0129EB37
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                                          • API String ID: 1431749950-2760771567
                                                          • Opcode ID: 6faa43d467ac62cbdb3d4383919b105cc4a4c18eee4b69aadabd3e3e0cd1eaf7
                                                          • Instruction ID: 4ef24cdde9099abd8550c640cb3d5e54eddec0087cc1df97e17bd5da80046040
                                                          • Opcode Fuzzy Hash: 6faa43d467ac62cbdb3d4383919b105cc4a4c18eee4b69aadabd3e3e0cd1eaf7
                                                          • Instruction Fuzzy Hash: A831E3B5931617BBDF24EFADA859D6F7FA8FF41668711001DE601A3600EB31A8108BB0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(014C1278,00C88C90,00C88EC0,00000000), ref: 00C88F0A
                                                          • GetLastError.KERNEL32 ref: 00C88F38
                                                          • TlsGetValue.KERNEL32 ref: 00C88F46
                                                          • SetLastError.KERNEL32(00000000), ref: 00C88F4F
                                                          • RtlAcquireSRWLockExclusive.NTDLL(014C1284), ref: 00C88F61
                                                          • RtlReleaseSRWLockExclusive.NTDLL(014C1284), ref: 00C88F73
                                                          • TlsSetValue.KERNEL32(00000000,?,?,00000000,00C6B080), ref: 00C88FB5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                          • String ID:
                                                          • API String ID: 389898287-0
                                                          • Opcode ID: 015914b3a0703b02915f4e6115e56159d27e105393e438cf34b3ecaec7c26fe3
                                                          • Instruction ID: 4121f9533c6d5707a9607ad001335b16c9c516beef9598cca7b5aac0df03527a
                                                          • Opcode Fuzzy Hash: 015914b3a0703b02915f4e6115e56159d27e105393e438cf34b3ecaec7c26fe3
                                                          • Instruction Fuzzy Hash: D02107796102059FE7707FA4EC08B7E37AAFB05B04F810028FA05E6255DB319914CBA1
                                                          APIs
                                                          • socket.WS2_32(00000002,00000002,00000011), ref: 0129F673
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01296921,?,?,?,?,01296A0A,?,?,00000000,?,0128E976,00000000), ref: 0129F68A
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01296921,?,?,?,?,01296A0A,?,?,00000000,?,0128E976,00000000), ref: 0129F6AB
                                                          • closesocket.WS2_32(?), ref: 0129F6E6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$closesocketsocket
                                                          • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                                          • API String ID: 65193492-3368084233
                                                          • Opcode ID: c1841017b63ed50fa3ea9cffcb992b84779706c1bc22fcbe89eecb2fa65b7306
                                                          • Instruction ID: 343866c7deae8a404b6410e43c5c760355161fe0d990323eaca9d882fc3654b8
                                                          • Opcode Fuzzy Hash: c1841017b63ed50fa3ea9cffcb992b84779706c1bc22fcbe89eecb2fa65b7306
                                                          • Instruction Fuzzy Hash: D421CF32174B126FEB746F7EAE09A167FE4FF41728F10041DE252DA5A0DBA1A0058B90
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(winsta.dll,?,012978D9,01547120), ref: 012A0023
                                                          • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 012A003C
                                                          • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 012A0052
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                                          • API String ID: 2238633743-2382846951
                                                          • Opcode ID: 0e20043907f1be8a98928dd25251538330d801a83c3cb8c849aa3cb7a55979ba
                                                          • Instruction ID: ac845762978546472976451b6fb84ce5cca210c1d267eb4b627dfdb5ca6de381
                                                          • Opcode Fuzzy Hash: 0e20043907f1be8a98928dd25251538330d801a83c3cb8c849aa3cb7a55979ba
                                                          • Instruction Fuzzy Hash: 8F015EB0561305CFD7189FB1980DA613BE4BB08758F8644BDF50DCF212DA319018EF18
                                                          APIs
                                                          • glyph_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0122CB1E
                                                          • brush_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 0122CB26
                                                          • pointer_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?), ref: 0122CB2E
                                                          • bitmap_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?), ref: 0122CB36
                                                          • offscreen_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?), ref: 0122CB3E
                                                          • palette_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?), ref: 0122CB46
                                                          • nine_grid_cache_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?), ref: 0122CB4E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                                          • String ID:
                                                          • API String ID: 637575458-0
                                                          • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction ID: 8784f2f33e8135aa2f10cbb9fd34a02e20627e5ebd0ae3cec199b8fed4845a43
                                                          • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction Fuzzy Hash: EDE01231431A26BBCA323F65DC01C7EBBA6BF316517004538E59A21975DB22AC70AE91
                                                          APIs
                                                          • gdi_CRgnToRect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0126E040
                                                          • gdi_RgnToRect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?), ref: 0126E04F
                                                          • gdi_CRgnToRect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0126E062
                                                          • gdi_RgnToRect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?), ref: 0126E0A3
                                                          • gdi_CRgnToRect.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,?,?,?), ref: 0126E0C8
                                                          • gdi_RectToCRgn.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0126E147
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-0
                                                          • Opcode ID: 72a2d2e4525fec03b32a2e547b70708c8b58b81c2bcffaf89644c19933ee1193
                                                          • Instruction ID: 4351a7b3b3f7c2fdd1cc0f2b36b72535593d5244ba9e770a7e83ca73c7e5f4f5
                                                          • Opcode Fuzzy Hash: 72a2d2e4525fec03b32a2e547b70708c8b58b81c2bcffaf89644c19933ee1193
                                                          • Instruction Fuzzy Hash: 1251D6B5D1121AEFCF14DF98C8808EEBBB9FF48310B21405AE515B7250D770AA91DFA0
                                                          APIs
                                                          • freerdp_settings_set_uint32.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C0,?), ref: 01241DA2
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C8,00000001), ref: 01241DCC
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C8,00000000), ref: 01241DE8
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C9,00000000), ref: 01241DFC
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C8,00000000), ref: 01241E19
                                                          • freerdp_settings_set_bool.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,000007C9,00000000), ref: 01241E2D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                                          • String ID:
                                                          • API String ID: 4272850885-0
                                                          • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction ID: feb8a8dc91e08926d4ed13c554b6d10fa14d25bf893f89985d6eb5efe16cdb6d
                                                          • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction Fuzzy Hash: 9F11A56AFB5227B7F97824694C82F6F365C4F72A54F040025FF08E51C0E9D5F2A184B6
                                                          APIs
                                                          • freerdp_image_copy.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01268C2B
                                                          Strings
                                                          • 1bpp and 4bpp icons are not supported, xrefs: 01268DB5
                                                          • freerdp_image_copy_from_icon_data, xrefs: 01268DBA
                                                          • com.freerdp.color, xrefs: 01268D98
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01268DBF
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                                          • API String ID: 1523062921-332027372
                                                          • Opcode ID: 69c5b9178d526e2b0b5b7e83c642a8cfc2298adf3fbee950c78bd63e59c84c3f
                                                          • Instruction ID: 81b7b441c055ee3f646bbeff97d330eb49ddb28ea032690b26a2f62bb2d0e883
                                                          • Opcode Fuzzy Hash: 69c5b9178d526e2b0b5b7e83c642a8cfc2298adf3fbee950c78bd63e59c84c3f
                                                          • Instruction Fuzzy Hash: 7E51B9B261031EAADF249F29DC40BFA7BACEF25214F048169FB15A61C0D7709AC5CF64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: kbd-lang-list$kbd-list$monitor-list
                                                          • API String ID: 0-1393584692
                                                          • Opcode ID: a47d93f7be3e0ff8445d8ce2bb8d2f1e76b9e155bf995428e7730a8cd7c0b72e
                                                          • Instruction ID: 988525f86b9e408326ffbb784695acf6bfe54d9c2580999eb6d3455972b5bde7
                                                          • Opcode Fuzzy Hash: a47d93f7be3e0ff8445d8ce2bb8d2f1e76b9e155bf995428e7730a8cd7c0b72e
                                                          • Instruction Fuzzy Hash: 9231BB3292222A9ADB20EA6CDD45DDBB7ECEB14314F44019AF914E71D1D674D940CBD0
                                                          Strings
                                                          • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01259AF0
                                                          • interleaved_compress, xrefs: 01259AF5
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01259AFA
                                                          • com.freerdp.codec, xrefs: 01259AD0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                                          • API String ID: 0-4054760794
                                                          • Opcode ID: 0f655d638684ed5587d3991863f9466ca0780cf36788ee8197e3c5eae38dd019
                                                          • Instruction ID: e84fefa04d45f07010d4280cb593cb6498f8038bc8ec9a49795e890dbaaf6d9e
                                                          • Opcode Fuzzy Hash: 0f655d638684ed5587d3991863f9466ca0780cf36788ee8197e3c5eae38dd019
                                                          • Instruction Fuzzy Hash: 4021C2B2311206FBFF659E5ADC86FAB3B6CEB04658F084118FF145A190E771E890DB60
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293DA3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                                          • API String ID: 689400697-1744466472
                                                          • Opcode ID: 4308cc499754dbb0676a9936b91948d52e4eca0024bf9953211bd142aab53b0a
                                                          • Instruction ID: dd3aec77b18e50492848974f157f3e9bd09c686598da6ba8d5c9f8591a144555
                                                          • Opcode Fuzzy Hash: 4308cc499754dbb0676a9936b91948d52e4eca0024bf9953211bd142aab53b0a
                                                          • Instruction Fuzzy Hash: 59219936251305BFDF226E5AEC06DAB3FB9FB58B14F010058FB18551E0D672C961DBA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                                          • API String ID: 689400697-743139187
                                                          • Opcode ID: 78cec5e2227f0411e769814e6d55a79980dc7403d3aee9bde9b1ed1f60a49922
                                                          • Instruction ID: d85735f196f3035e619160bbd824f3c0fbf7f16abd161188d7b491112603f1b6
                                                          • Opcode Fuzzy Hash: 78cec5e2227f0411e769814e6d55a79980dc7403d3aee9bde9b1ed1f60a49922
                                                          • Instruction Fuzzy Hash: 7C21C936251245BFEF266F5ADC06EAB3FB9FB58B54F010058FB18591E0C672D920DBA0
                                                          APIs
                                                          • _strlen.LIBCMT ref: 012111FA
                                                          • getChannelError.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01211248
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelDetached$freerdp
                                                          • API String ID: 3987305115-436519898
                                                          • Opcode ID: a818a7cd397052919c744a45fbf42c0641cd98b1dba7277b95a14a1cbf2245ae
                                                          • Instruction ID: d40423ff96c20a9ab3f7db7768e24602db4a2c1d4a0b8c4a171e3d2aea99dcc7
                                                          • Opcode Fuzzy Hash: a818a7cd397052919c744a45fbf42c0641cd98b1dba7277b95a14a1cbf2245ae
                                                          • Instruction Fuzzy Hash: 70212EB1A1020AEFDB11DFA8C885FEEBBF5BF18344F104469EA44E7255D770AA50DB90
                                                          APIs
                                                          • _strlen.LIBCMT ref: 01210B64
                                                          • getChannelError.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01210BB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelAttached$freerdp
                                                          • API String ID: 3987305115-2646891115
                                                          • Opcode ID: bfcd822427fd03b1915936a3212339daf22edf994952acefbdedbde2e3374322
                                                          • Instruction ID: 0553ffd1e3417f5da050948e30164c17a261c750831971cc688865529a0c4845
                                                          • Opcode Fuzzy Hash: bfcd822427fd03b1915936a3212339daf22edf994952acefbdedbde2e3374322
                                                          • Instruction Fuzzy Hash: 6D215E71A1020AEFDB11DF98C884FAEBBF4BF18344F104069F944A7255E770AA908FA4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012932F9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                                          • API String ID: 689400697-1172745827
                                                          • Opcode ID: e22beb673acf7de68228246dc2f2579a5c4f5f79302587972d28a47234546a49
                                                          • Instruction ID: 8b3dd2a3ac33844e44c29fb3d2c11f003ee20fd0b14c2285a736bc37471e3225
                                                          • Opcode Fuzzy Hash: e22beb673acf7de68228246dc2f2579a5c4f5f79302587972d28a47234546a49
                                                          • Instruction Fuzzy Hash: 0F11BB352903157FEF256E5A9C06E6B3FA9FB94B14F010058FB18651D0DA71C920DBE4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129384E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                                          • API String ID: 689400697-2008077614
                                                          • Opcode ID: 8f34d8c89596a305cb533f8e2b116198fe9b7fd1e9622e30c81033a62a1c676f
                                                          • Instruction ID: 363378b0eb9487cf2965c9a91a8678458eb253cf5064e6450bccdeed29a9cb73
                                                          • Opcode Fuzzy Hash: 8f34d8c89596a305cb533f8e2b116198fe9b7fd1e9622e30c81033a62a1c676f
                                                          • Instruction Fuzzy Hash: 8A11B7362513057BEF256E5AAC06E673FA9FB54B14F010059FB14691D0D671C920DBA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293227
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                                          • API String ID: 689400697-2657764935
                                                          • Opcode ID: 237b21fcec43ba96588470cf63e568501e77526fbe103769d15170ca31ba000b
                                                          • Instruction ID: 570d9a5a579324889191951a74aa808a7db430c6174c9bdf866839ad630d8de9
                                                          • Opcode Fuzzy Hash: 237b21fcec43ba96588470cf63e568501e77526fbe103769d15170ca31ba000b
                                                          • Instruction Fuzzy Hash: 4B11EB356503057FEF215E5AEC0AE673FA9FB54B14F010098FB18551D0C671C921DBE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129360B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                                          • API String ID: 689400697-848437295
                                                          • Opcode ID: f9c7114aff1d8e996ace0fed5ff242be93fcb671966a980b442289b4a60951fd
                                                          • Instruction ID: 6c4472ffc62926608b2acc18a9066fc1bdc77bc01474a9af09601d5a52add640
                                                          • Opcode Fuzzy Hash: f9c7114aff1d8e996ace0fed5ff242be93fcb671966a980b442289b4a60951fd
                                                          • Instruction Fuzzy Hash: 9411EB393913117FEF256D6BAC07F673FBDEB95A14F000058FA18992D0DAA1C9149BE4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293548
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                                          • API String ID: 689400697-3257054040
                                                          • Opcode ID: c00fc63f647442910abfb89455ca0ac5435e9dc7ad8b5c44526f3218d4b76f44
                                                          • Instruction ID: 47cf1bdbcec0c8fb86e0a76cf7c8e93f51b3b6bf7e042f2866bb087374aad914
                                                          • Opcode Fuzzy Hash: c00fc63f647442910abfb89455ca0ac5435e9dc7ad8b5c44526f3218d4b76f44
                                                          • Instruction Fuzzy Hash: 2711C8793513127BEF35695ABC07F673EADFB98B14F000058FA149A1D0DAA1CA149BA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012933CB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                                          • API String ID: 689400697-3640258815
                                                          • Opcode ID: 8d4476511ec50c0be47a294baada591c0d265e95b91f88856055057d5dfdb268
                                                          • Instruction ID: 68c3fcaff8c0c1722f85683e6f790e2706a26a33e2aef8f5185404265072835d
                                                          • Opcode Fuzzy Hash: 8d4476511ec50c0be47a294baada591c0d265e95b91f88856055057d5dfdb268
                                                          • Instruction Fuzzy Hash: E3112B393913057BEF356A5AAC07E373EBDFB91A24F010058FB04AA1D0C6A189109BE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01294481
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                                          • API String ID: 689400697-3834539683
                                                          • Opcode ID: f7068e9ce98cf96d407569a57ae21b7ed019190f872b4c6afcb7b7c11bb9638e
                                                          • Instruction ID: b46ebc5c3ba8bd091726eb704b95bcc60bacd58c3be73a6d0aef52ef8fa499ae
                                                          • Opcode Fuzzy Hash: f7068e9ce98cf96d407569a57ae21b7ed019190f872b4c6afcb7b7c11bb9638e
                                                          • Instruction Fuzzy Hash: BD112B39350351BFEF303A4AAD07E273FACD794B14F004058FB04A91D4DAA1C911DBA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129417E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                                          • API String ID: 689400697-1164902870
                                                          • Opcode ID: 0aef95aa5b44e8c836bb89f2eee04e8a55a60641c9fac582258bd88ac287ee3f
                                                          • Instruction ID: cb171c67142fee66fda3d6b5850eedf4e452af500ceb84c14a7affd056dfa11f
                                                          • Opcode Fuzzy Hash: 0aef95aa5b44e8c836bb89f2eee04e8a55a60641c9fac582258bd88ac287ee3f
                                                          • Instruction Fuzzy Hash: C6112B793513527BEF353A5AAD07E273EACE7A4B14F000098FA04A91D0DAA1C6119BE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01294544
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                                          • API String ID: 689400697-1495805676
                                                          • Opcode ID: 06b109334b31d6e61d1906e1e5c21c18a6dfc74b9470275ecaf4a9e07bde98dc
                                                          • Instruction ID: 53c34f3b3efde15aeb58207d7586381f91dd67898392cc30b1df65099e241ea7
                                                          • Opcode Fuzzy Hash: 06b109334b31d6e61d1906e1e5c21c18a6dfc74b9470275ecaf4a9e07bde98dc
                                                          • Instruction Fuzzy Hash: F21108793903417BEF21399ABD06F673EACE7A4B24F000098FB04995C0D6A1C9119BA4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012940BB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                                          • API String ID: 689400697-247170817
                                                          • Opcode ID: 3ce2ccbf945201e9f563f1887964aa2b9c3faf8cb4ab4ce08c9575ee6f68b299
                                                          • Instruction ID: 97e829bed86279a672106a5239a004ea611a9f6f9fc45a462c816083ea58c36e
                                                          • Opcode Fuzzy Hash: 3ce2ccbf945201e9f563f1887964aa2b9c3faf8cb4ab4ce08c9575ee6f68b299
                                                          • Instruction Fuzzy Hash: 8B112B793903417FEF21395EEC07E273EACE7A5B14F01405CFA14A91C0D6A1C9109BA0
                                                          APIs
                                                          • ncrush_context_reset.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000), ref: 01261B36
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01261B19
                                                          • com.freerdp.codec, xrefs: 01261AF1
                                                          • ncrush_context_new, xrefs: 01261B14
                                                          • ncrush_context_new: failed to initialize tables, xrefs: 01261B0F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ncrush_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                                          • API String ID: 2838332675-904927664
                                                          • Opcode ID: e12edf31558ccdd666c2402a11b5ffeaa420b246cd3d7b6c3f7623d022e191f9
                                                          • Instruction ID: 8e6db4733e84f818cd4a1c564257605c293dab512c976809e8ffabe2434e5ac8
                                                          • Opcode Fuzzy Hash: e12edf31558ccdd666c2402a11b5ffeaa420b246cd3d7b6c3f7623d022e191f9
                                                          • Instruction Fuzzy Hash: 1B110BB22507037AE714AF16AC41FA6B7ACEB51758F10411DF614562C0FFB2A99087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293E7E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                                          • API String ID: 689400697-2578917824
                                                          • Opcode ID: f92002ea3d8073292bddb31eea936d8ae43fdb94fbacb8211afaa06442f40994
                                                          • Instruction ID: 0bc2f7835e1efb2d7f8d5fe4adca8766b95c9931b518563b8b64eea2f09759f9
                                                          • Opcode Fuzzy Hash: f92002ea3d8073292bddb31eea936d8ae43fdb94fbacb8211afaa06442f40994
                                                          • Instruction Fuzzy Hash: D511EB793553117BEF316A6EAC07E373AECFB95B18F000059F618991D0D6A2891097E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293F3E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                                          • API String ID: 689400697-3211427146
                                                          • Opcode ID: ac065158f4ce6c1b6f838d03f8c56814a37aeabe3da662246da8b4b1064ee692
                                                          • Instruction ID: a1962bb5a6a1ffb022b5d8f2d29b86bbd154678f3c81beef1f6f575145fe63fa
                                                          • Opcode Fuzzy Hash: ac065158f4ce6c1b6f838d03f8c56814a37aeabe3da662246da8b4b1064ee692
                                                          • Instruction Fuzzy Hash: 2C11AB393553117BEF356A6AEC07E273EBDF795B14F004098F618A91D0DAA1C9149BE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012936CE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                                          • API String ID: 689400697-3413647607
                                                          • Opcode ID: 942607a747118a362f9782c364b80a7725ebfd66d4fa9bbd116ee3f46b6a59fa
                                                          • Instruction ID: 733532f495b1d25b53b3453840d5bea51914bed866a46c98a5f2c9763b188432
                                                          • Opcode Fuzzy Hash: 942607a747118a362f9782c364b80a7725ebfd66d4fa9bbd116ee3f46b6a59fa
                                                          • Instruction Fuzzy Hash: 1D11EB793913517FEF256A5AEC07E6B3AEDE7A1A14F000058F614A91D0D6A1C9149BA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129378E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                                          • API String ID: 689400697-3754301720
                                                          • Opcode ID: 6c91148df1eff9ed9ebded231c9ff68ccc260bb56cf5a04f50e81024527a9d8b
                                                          • Instruction ID: 65146f299f16b02c737891bcf28f970c5e6edbc1e1b2ed68c88d247eddd2438f
                                                          • Opcode Fuzzy Hash: 6c91148df1eff9ed9ebded231c9ff68ccc260bb56cf5a04f50e81024527a9d8b
                                                          • Instruction Fuzzy Hash: 5B11EE793913517BEF24665EEC07E6B3BECF755A54F000058FB18991D0D6A1C91097A0
                                                          APIs
                                                          • freerdp_image_copy.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 012695B5
                                                          Strings
                                                          • freerdp_image_scale, xrefs: 012695EB
                                                          • SmartScaling requested but compiled without libcairo support!, xrefs: 012695E6
                                                          • com.freerdp.color, xrefs: 012695C8
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 012695F0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                                          • API String ID: 1523062921-212429655
                                                          • Opcode ID: 992bbe0aa7d0e5777c49cf0f59f202a88a74a8b9cfdc62a696e76589285b2707
                                                          • Instruction ID: 8811ec8563f155da863f667318c5c8a78fa5446c29676b9a4e9c3c673c6cc35f
                                                          • Opcode Fuzzy Hash: 992bbe0aa7d0e5777c49cf0f59f202a88a74a8b9cfdc62a696e76589285b2707
                                                          • Instruction Fuzzy Hash: 8921B4B225020EBFDF15AE58EC12FAD3BA9EB14708F044119FE145A1D0E671D990DB40
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012939DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                                          • API String ID: 689400697-1972714555
                                                          • Opcode ID: 4b1fa1be1f7b7e7f3edbcf43a54cd711581cacf9b67df3e99f3d6392cdeb03da
                                                          • Instruction ID: d5b7273cbdfacf7a22ea87e15e11f2cba5e3ea3c8be75635e276f479e91422ff
                                                          • Opcode Fuzzy Hash: 4b1fa1be1f7b7e7f3edbcf43a54cd711581cacf9b67df3e99f3d6392cdeb03da
                                                          • Instruction Fuzzy Hash: 2711CD397913117BEF25665FAC07E273EACE795E54F000058F6189A1D0D6A1851097E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293920
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                                          • API String ID: 689400697-2845897268
                                                          • Opcode ID: 665d04b6afbd37738f3e0976f9d4350537b3216f85a5dc05c6464cb4886e70d4
                                                          • Instruction ID: 6578d4cffe9a6c61f03126d39ec42c94604026f9d6b48a9186db90f68c1165a2
                                                          • Opcode Fuzzy Hash: 665d04b6afbd37738f3e0976f9d4350537b3216f85a5dc05c6464cb4886e70d4
                                                          • Instruction Fuzzy Hash: 9C110A393913127BFF20651FAC07F273EECE7A4B54F000058F6089A1C0DAA189109BE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01292F33
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                                          • API String ID: 689400697-255015424
                                                          • Opcode ID: 911525e0fbfe247487562ace41fd08fd57531c9db05d4c613dd17cbdda881141
                                                          • Instruction ID: 2e8ace7088dd56a0ba45c5f1816a629928e428b33a2d13948bded69682a08d26
                                                          • Opcode Fuzzy Hash: 911525e0fbfe247487562ace41fd08fd57531c9db05d4c613dd17cbdda881141
                                                          • Instruction Fuzzy Hash: 18110A393953127FEF24265EEC07E673EACEBA5B24F000058FA18A91D0D6A1C91087E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01292FF0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                                          • API String ID: 689400697-1149382491
                                                          • Opcode ID: e8e18cc58a04291e91125cbc8e58e4a5e645b7fe74d13f3001aac0b85ebd0914
                                                          • Instruction ID: aa91659fec34f3efd4121bac1a85e541d3be268a7507e19525cc2903c9c2d668
                                                          • Opcode Fuzzy Hash: e8e18cc58a04291e91125cbc8e58e4a5e645b7fe74d13f3001aac0b85ebd0914
                                                          • Instruction Fuzzy Hash: E911CA393553517BEB34666FEC0BE673FADEBA1B54F010098FA1C991C0D6A1891097E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293FFE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                                          • API String ID: 689400697-2156878011
                                                          • Opcode ID: eeebb6b15703665d7af0bc2d9287df44b088d75be1670c9c86a331156e2998a6
                                                          • Instruction ID: 2f3dd986a70f469e511fd64f02d203e557747678d4b50e193da85a9a1391cb7f
                                                          • Opcode Fuzzy Hash: eeebb6b15703665d7af0bc2d9287df44b088d75be1670c9c86a331156e2998a6
                                                          • Instruction Fuzzy Hash: 71110A393953557FEB35351EED0BF273AACE790B18F010098F608AA1C0DAA285118BE0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 012930AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                                          • API String ID: 689400697-2261828479
                                                          • Opcode ID: ab78484bbcbbe2002bb592577d2c63da06aff048c18581d2f6394a7ed992f9e4
                                                          • Instruction ID: 9a1d3cd5382217ef0477de0254742f82cc2d27cdbc9ec19687327d7a1538321a
                                                          • Opcode Fuzzy Hash: ab78484bbcbbe2002bb592577d2c63da06aff048c18581d2f6394a7ed992f9e4
                                                          • Instruction Fuzzy Hash: D811EB753553117BEF30665AAC0BE773AFDE795A14F000058F6189A1D0DAA1891586E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129316A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                                          • API String ID: 689400697-3351603741
                                                          • Opcode ID: 5c8a14993723f2fdae502e391226e349fa729a99bdb4eac37e0d85eda305a154
                                                          • Instruction ID: 513fc69d48443db3c7401c8a2950ade5b701d116b1bc9791e3a437f4815e9d57
                                                          • Opcode Fuzzy Hash: 5c8a14993723f2fdae502e391226e349fa729a99bdb4eac37e0d85eda305a154
                                                          • Instruction Fuzzy Hash: 74110A793953157BEF34765EAC0BE673EBCEBA5B14F000098FA18991D0D6A1C914D7E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293A9A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                                          • API String ID: 689400697-4185332897
                                                          • Opcode ID: 62c6b8cac87159daf90cc7afa646b89315da98773fb72f11ae15e66ef72f16be
                                                          • Instruction ID: b3defb01b3b3aae3455a3999e9c7996fec572f3e30d8bbd5d4ddbe7388bb2c53
                                                          • Opcode Fuzzy Hash: 62c6b8cac87159daf90cc7afa646b89315da98773fb72f11ae15e66ef72f16be
                                                          • Instruction Fuzzy Hash: C811EC797913517BEB35655FAD07E273AECE7A5A14F000068F608991D0D991891087E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 0129348E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                                          • API String ID: 689400697-3116451197
                                                          • Opcode ID: 4cadc5bebaa6e6d7bfd38af0df44a20805aad884e156fb934ccc5426d6e95169
                                                          • Instruction ID: 25fe81ebddd7adf8f50811ee182cca2f346f2acf4c269e4a6610ddf507b489a8
                                                          • Opcode Fuzzy Hash: 4cadc5bebaa6e6d7bfd38af0df44a20805aad884e156fb934ccc5426d6e95169
                                                          • Instruction Fuzzy Hash: 1F11063D3913117BEB35652EBC0BF273EACE7A5A24F0140A8F6089A1C0DAA1C91086A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293C0E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                                          • API String ID: 689400697-4242683877
                                                          • Opcode ID: ede58a5350def8dcb55d30bd9e3308cada8b0d3bb6679de393eb9fa611d8f8c4
                                                          • Instruction ID: 4357b45d4e3f2d003e2c778e7a462e90dd23d6064f96925d7a58181229c66267
                                                          • Opcode Fuzzy Hash: ede58a5350def8dcb55d30bd9e3308cada8b0d3bb6679de393eb9fa611d8f8c4
                                                          • Instruction Fuzzy Hash: EA11EC393513517BEB25752FAD07F673EACE7A1A14F000098F6049A1D0D991CA1097E0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01293B54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                                          • API String ID: 689400697-1791514552
                                                          • Opcode ID: c05a826c4ea55346298007e9ed0b5a6e233227f02458eba9be9818e2d4143e12
                                                          • Instruction ID: a5a479870ea65eb8bfebf0c3a91f0ae495f0c083b24b2b85e65c8ae13d974d74
                                                          • Opcode Fuzzy Hash: c05a826c4ea55346298007e9ed0b5a6e233227f02458eba9be9818e2d4143e12
                                                          • Instruction Fuzzy Hash: 7B11EC393953117BEF25655FAC07E773EACE7A5A14F010098F6089A1C0E9A1891497E4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(015470C8,01294AA1,00000000,00000000), ref: 01294241
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                                          • API String ID: 689400697-954186549
                                                          • Opcode ID: 69478b18d790800572fdf020d1ec6a074db0153751a5136e63731fbe19c7a6af
                                                          • Instruction ID: b102ac2430c1bec4f9f6eab17e8170210530a3a31b31e469074dfdf0d165f9f1
                                                          • Opcode Fuzzy Hash: 69478b18d790800572fdf020d1ec6a074db0153751a5136e63731fbe19c7a6af
                                                          • Instruction Fuzzy Hash: 83110A397913517BFB34355FBD07F373EACE7A0A14F0100D9FA08A91C4D9A18A118AA0
                                                          APIs
                                                          • primitives_get.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE ref: 013165CB
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 01316633
                                                          • error when decoding lines, xrefs: 01316629
                                                          • yuv_process_work_callback, xrefs: 0131662E
                                                          • com.freerdp.codec, xrefs: 0131660B
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: primitives_get
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                                          • API String ID: 2017034601-2620645302
                                                          • Opcode ID: 4485c751655922edfde8ca9e611275f42c26f6d27cd216c16e57adbd6a37d19e
                                                          • Instruction ID: 27a3e99819066704a58d2d677cb847098e9dc9d911521a2d1e1d20a94c0c0d95
                                                          • Opcode Fuzzy Hash: 4485c751655922edfde8ca9e611275f42c26f6d27cd216c16e57adbd6a37d19e
                                                          • Instruction Fuzzy Hash: D301B9F1600306FFD718EF55DC02F5A7BA8FF08718F11455AF9049A285EAB1E984CB94
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %zd;NAME=%s%zd;PASS=%s
                                                          • API String ID: 4218353326-3114484625
                                                          • Opcode ID: 827ff291d0dc011204977ef7f3227a883832a6264650ea623a2c3dfa6f997f31
                                                          • Instruction ID: f5170cac685a6d729ff82416df9ff59ab72e6d438139e7eb62522154bff1c46f
                                                          • Opcode Fuzzy Hash: 827ff291d0dc011204977ef7f3227a883832a6264650ea623a2c3dfa6f997f31
                                                          • Instruction Fuzzy Hash: 09016975E00208BFDF09EFA8DC80AEDBBB4EF04208F00847EEE05A6251E6758650DB44
                                                          APIs
                                                          • region16_extents.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01269F06
                                                          • region16_extents.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?), ref: 01269F12
                                                          • region16_n_rects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?), ref: 01269F1D
                                                          • region16_n_rects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01269F7D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          • Associated: 00000002.00000002.1657538147.0000000000C20000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.00000000013A4000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.00000000013AC000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.000000000144B000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.000000000145E000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.000000000146F000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.00000000014BC000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.0000000001558000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.000000000173C000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.0000000001741000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.0000000002143000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.00000000022AA000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1657553180.000000000234D000.00000040.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000002.00000002.1658703742.0000000002373000.00000004.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: region16_extentsregion16_n_rects
                                                          • String ID:
                                                          • API String ID: 2062899502-0
                                                          • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction ID: 4efaebcd3d50e9cc73c6e916c7cafbabfdeeca8a92df67fdf46d5f453a38bf9f
                                                          • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction Fuzzy Hash: 57511A75E1012A9FCB14DF99C8409BEF7F9FF18750B55816AE859A7250E334AE80CBA0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: _strncpy
                                                          • String ID:
                                                          • API String ID: 2961919466-0
                                                          • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction ID: 288f833f0da8bd57c91150c86cae835992fba939dd952c0a2157e58fcd3ac30a
                                                          • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction Fuzzy Hash: FC1196B9800707AEDB355E64E848B92FBBCFF18308F04492AE69983511F331E55CC7A1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(014C1278,00C88C90,00C88EC0,00000000), ref: 00C88E6A
                                                          • GetLastError.KERNEL32 ref: 00C88E7F
                                                          • TlsGetValue.KERNEL32 ref: 00C88E8D
                                                          • SetLastError.KERNEL32(00000000), ref: 00C88E96
                                                          • TlsAlloc.KERNEL32 ref: 00C88EC3
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastOnce$AllocExecuteInitValue
                                                          • String ID:
                                                          • API String ID: 2822033501-0
                                                          • Opcode ID: 201b2b5597b5966d6f5875cc4829650c5e05eba6bb514d3566888e6793e41234
                                                          • Instruction ID: 592c67185fbcd5f0b47d320c73edbfc8246bf428c12d43fb2c9f91947da7347b
                                                          • Opcode Fuzzy Hash: 201b2b5597b5966d6f5875cc4829650c5e05eba6bb514d3566888e6793e41234
                                                          • Instruction Fuzzy Hash: 3B01D679610208DFDB30AFB5EC48A6A77BDFB49B14F910129F915E3254EB30A9148FA4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                                          • API String ID: 4218353326-3992632484
                                                          • Opcode ID: 38d4212c5b5c1fea3827505ccf49a5104cceb1831009510469aff09d90657d44
                                                          • Instruction ID: 776d651bbb9971e8bc4848f7b95fb86af7f98752b0a2704312f500d149532277
                                                          • Opcode Fuzzy Hash: 38d4212c5b5c1fea3827505ccf49a5104cceb1831009510469aff09d90657d44
                                                          • Instruction Fuzzy Hash: 35415972E0031616EB309A518C81FBE7329FFD9384F144628ED55B7281FB708E55C792
                                                          APIs
                                                          • audio_format_print.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?), ref: 01314A72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: audio_format_print
                                                          • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                                          • API String ID: 2744001552-3527835062
                                                          • Opcode ID: 7f5897ca7b31dd0423373e1a06f112c6286430603e0628e7266990118ad36820
                                                          • Instruction ID: 90a20568b1510b079e4d2b14b042959d4e6e3924e11655b829f4190ff12611d9
                                                          • Opcode Fuzzy Hash: 7f5897ca7b31dd0423373e1a06f112c6286430603e0628e7266990118ad36820
                                                          • Instruction Fuzzy Hash: 3211297328132673EB15BE1A6C42FBF3B5C9F62F24F56000AFD1461084E7B1D69082B9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: audin$rdpsnd
                                                          • API String ID: 0-930729200
                                                          • Opcode ID: 9f57bbd4a10b4f9630b4b15d40de4b3196d686fd360322dedf9f288a61a58052
                                                          • Instruction ID: 0794540d6b94a15d4583ce123558d260428b80e8b18a8dd98b94056a26712a13
                                                          • Opcode Fuzzy Hash: 9f57bbd4a10b4f9630b4b15d40de4b3196d686fd360322dedf9f288a61a58052
                                                          • Instruction Fuzzy Hash: EB11B631A22A17EBE725DF69C4807AAF7A5BB04B41F24422EE36853181D7316490CBD1
                                                          APIs
                                                          • _strlen.LIBCMT ref: 0124403A
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01244060
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01244076
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: File$CreatePointer_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 4211031630-2916857029
                                                          • Opcode ID: 3631837d6f30e5adeea69f7d58d69b353fbd2b61fc7a97949653a070318af55c
                                                          • Instruction ID: b28361e6acf91ab1e61fcca1b01758eba60ae7822299ed7f1ef9b7d7827ae3c4
                                                          • Opcode Fuzzy Hash: 3631837d6f30e5adeea69f7d58d69b353fbd2b61fc7a97949653a070318af55c
                                                          • Instruction Fuzzy Hash: FB01A232201110BBDB312A66EC4AEA77F2DEF45774F248219FA18990D2D722C812D7A4
                                                          APIs
                                                          • audio_format_get_tag_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,?,?,?,?), ref: 01314737
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 01314748
                                                          • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 0131473E
                                                          • audio_format_print, xrefs: 01314743
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string
                                                          • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                                          • API String ID: 2866491501-3564663344
                                                          • Opcode ID: aac1eac13f8fd611bdfe3fa0fc466c6d0984ed59c0a9f90cd14faf4401d8497c
                                                          • Instruction ID: a1d2e46c35b5c0448b55aab526a0e456df50434ef701bcd676dec1354d5ac65c
                                                          • Opcode Fuzzy Hash: aac1eac13f8fd611bdfe3fa0fc466c6d0984ed59c0a9f90cd14faf4401d8497c
                                                          • Instruction Fuzzy Hash: 1DF09075040218BADB041F42CC01E36376DEF08B18B20804AFD1C8C0A1E777D9E2E320
                                                          APIs
                                                          • freerdp_get_last_error.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01202725
                                                          • freerdp_set_last_error_ex.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 01202745
                                                          Strings
                                                          • freerdp_abort_connect, xrefs: 01202739
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01202734
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                                          • API String ID: 3690923134-629580617
                                                          • Opcode ID: c333653edee956ceaf5a5e834eaf3ebd5c158bcf96556ca71b3202f3b900f002
                                                          • Instruction ID: a639eca5fab899e4809b51f33f8b6a3f02cd5238f0f98f79f7346ee01cf6023c
                                                          • Opcode Fuzzy Hash: c333653edee956ceaf5a5e834eaf3ebd5c158bcf96556ca71b3202f3b900f002
                                                          • Instruction Fuzzy Hash: EBE0D831260226EBEB3B2D14DC45BA5FB98AF10BA0F10051AE7C0764F2F7925440C580
                                                          APIs
                                                          • primitives_get.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE ref: 0131633F
                                                          • primitives_flags.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 01316353
                                                          • TpWaitForWork.NTDLL(00000000,00000000), ref: 013164A9
                                                          • TpReleaseWork.NTDLL(00000000), ref: 013164B2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                                          • String ID:
                                                          • API String ID: 704174238-0
                                                          • Opcode ID: ce2b6b5aafa96441802899e4b88fb43fed8c187546e0c245c812b6ae3bb7d52f
                                                          • Instruction ID: 6c18fca83f7bd562eecad93f312449648d21c8875c7436a0be19a98666f9b6d0
                                                          • Opcode Fuzzy Hash: ce2b6b5aafa96441802899e4b88fb43fed8c187546e0c245c812b6ae3bb7d52f
                                                          • Instruction Fuzzy Hash: FA613BB5A0060ADFCB18CFA8C9819AEBBF5FF48314B14856AE955E7310DB70E951CF90
                                                          APIs
                                                          • gdi_SetRgn.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?,?,00000000,00000001,?,?), ref: 0126C324
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: gdi_
                                                          • String ID:
                                                          • API String ID: 2273374161-0
                                                          • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction ID: d1d7b8f6efdcc3e7f6a481c91654ae7a7307c95e27a835e7f202ea247b163335
                                                          • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction Fuzzy Hash: B131CD71910209EFDB10EF98C9849AEBBFDFF58210F14806AE955E7250D335EA95CFA0
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01295C16
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01295C34
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01295C54
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01295C9A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: CriticalSection$Leave$Enter
                                                          • String ID:
                                                          • API String ID: 2978645861-0
                                                          • Opcode ID: 72f4ef431bbec86cdf1d174eaab57e837ac00a687bf427a20b2c5e7ec8601c8d
                                                          • Instruction ID: b4db6caecf7186398714259a23537a13e2289d3baaa288c14cc7b6b020a0ef0a
                                                          • Opcode Fuzzy Hash: 72f4ef431bbec86cdf1d174eaab57e837ac00a687bf427a20b2c5e7ec8601c8d
                                                          • Instruction Fuzzy Hash: 6E217F35620746EFDB268F1DC984A697BF8FB45321F11466EEA82A7240D770A941CB50
                                                          APIs
                                                          • region16_rects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000), ref: 01269BDC
                                                          • region16_extents.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01269BEC
                                                          • rectangles_intersects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,?), ref: 01269BF7
                                                            • Part of subcall function 012697FD: rectangles_intersection.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,?,?), ref: 0126980C
                                                          • rectangles_intersects.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,?), ref: 01269C1A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                                          • String ID:
                                                          • API String ID: 3854534691-0
                                                          • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction ID: 511fd746f28ee66d0b8248c3563fbfaeb41b043da2f96d6e9345f2e5f6f83868
                                                          • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction Fuzzy Hash: B901C43313421A6EAF259A59D880ABB77DCDB54568F14401AEA18960C8EF35E8C1C3A8
                                                          APIs
                                                          • freerdp_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE ref: 01281F56
                                                          • freerdp_context_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000000,?,?), ref: 01281FA4
                                                          • freerdp_register_addin_provider.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000000), ref: 01281FC7
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                                          • String ID:
                                                          • API String ID: 3731710698-0
                                                          • Opcode ID: 62c7b9b92b4c07fe9d3624ca92160d4f656a4388d56503359e8150b9074bc408
                                                          • Instruction ID: d79e5d92ca8395501b41bccb659d59b31f4892d9092a99cda6551c8cceeb7009
                                                          • Opcode Fuzzy Hash: 62c7b9b92b4c07fe9d3624ca92160d4f656a4388d56503359e8150b9074bc408
                                                          • Instruction Fuzzy Hash: 7B11A331625B039FD725BF6AE800BA6BBE9BF74220F10451DE659872C0EB71F461C690
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID:
                                                          • API String ID: 733272558-0
                                                          • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction ID: be58b9199cff26c08550de73bead19cc16679bc53c135c7c36217d77a5d92f84
                                                          • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction Fuzzy Hash: 5AE04F31431B197FCA717BA4CD119ABFBA8BF21606B040428EA4A57530D661A8599BD0
                                                          APIs
                                                          • freerdp_settings_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 01217326
                                                            • Part of subcall function 01217F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 01217FCC
                                                            • Part of subcall function 01217F9B: freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?,00000680,?), ref: 01217FFC
                                                          • freerdp_settings_set_string.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000,00000086,?), ref: 01216D8C
                                                          Strings
                                                          • C:\Windows\System32\mstscax.dll, xrefs: 01216F3F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                                          • String ID: C:\Windows\System32\mstscax.dll
                                                          • API String ID: 2334115954-183970058
                                                          • Opcode ID: c408652eab72ee314c1dd670a5298d4f560f43e51c0e7a24cde18bee802d57ba
                                                          • Instruction ID: 6ff34708273b9843a055136682b8a526545e0f031bb723c7e776ea9b17f9c1e8
                                                          • Opcode Fuzzy Hash: c408652eab72ee314c1dd670a5298d4f560f43e51c0e7a24cde18bee802d57ba
                                                          • Instruction Fuzzy Hash: 43E1D7B1514B019FE324DF38D885B93BBE4FF18321F50592EE5AE87390DBB1A5808B48
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID: )
                                                          • API String ID: 2404991910-2427484129
                                                          • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction ID: 8bad3cd7e639866f1d68e7233b6cf3d7e5464fb2f30c9cf09a61cbc51d6bda0d
                                                          • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction Fuzzy Hash: 5C51C27311014EBBDF02DE94CD40DEB7BAEBF18204B094266FF5991064E732E6A59BA1
                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01296A0A,?,?,00000000,?,0128E976,00000000), ref: 0129697B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpin
                                                          • String ID: %s: unknown handler type %u$WLog_Appender_New
                                                          • API String ID: 2593887523-3466059274
                                                          • Opcode ID: 1a46fe01fa84812a6c7b3958783919ae89e6ce8abf1a1f3761e5710385a5998c
                                                          • Instruction ID: 88852d2637460eb2fc3e8c0aa6d933f204b356b2797ac6318f40c5ce8eb7d944
                                                          • Opcode Fuzzy Hash: 1a46fe01fa84812a6c7b3958783919ae89e6ce8abf1a1f3761e5710385a5998c
                                                          • Instruction Fuzzy Hash: E911483353C31366BF227A7DAC89DFF6FEC9B52930B04001AF709E6680DA51D40151A1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s%s-client.%s$DeviceServiceEntry
                                                          • API String ID: 0-2733899524
                                                          • Opcode ID: 4396dd1ccf02e194be329ab77a0894601c1bdf212306b51eade18196c3331c8f
                                                          • Instruction ID: 3f0c1f8a61ddb1f334a702234a2a5f6c9c465fba789c2480668e1b5f26fd546a
                                                          • Opcode Fuzzy Hash: 4396dd1ccf02e194be329ab77a0894601c1bdf212306b51eade18196c3331c8f
                                                          • Instruction Fuzzy Hash: 5011C475A2025A6BFB16EE9DC880ABF7BBCEF50654F048119FF10E7282D770D9018790
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0128E987), ref: 0128EBF6
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0128E987), ref: 0128EC1A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILTER
                                                          • API String ID: 1431749950-2006202657
                                                          • Opcode ID: 37e50f43bd5da9aa749ecf5f9ee4013f88b550f72561b76b7e4252e9f7d9da08
                                                          • Instruction ID: aaf248d201117a0faae2b40226543da83066ee1732512875e4f5b1d641a79ab4
                                                          • Opcode Fuzzy Hash: 37e50f43bd5da9aa749ecf5f9ee4013f88b550f72561b76b7e4252e9f7d9da08
                                                          • Instruction Fuzzy Hash: C7F0F6766353263B92303B66BC8CC2B7FADDAA66AD352002EF118C7245EA255C0587B4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: .msrcIncident$.rdp
                                                          • API String ID: 4218353326-1437571178
                                                          • Opcode ID: 1f1a0250b7fc07a5061e7b1a8e7f2adbcd2bef0286d57dddd53b3c9d95f4d624
                                                          • Instruction ID: 74e122c85fa37281807368f6ca2f65345d550d56b6b024b51385cda14469c5f8
                                                          • Opcode Fuzzy Hash: 1f1a0250b7fc07a5061e7b1a8e7f2adbcd2bef0286d57dddd53b3c9d95f4d624
                                                          • Instruction Fuzzy Hash: D9F02272A35A176ECE24BAB99C0693B7788EA02074310032EE93AD32D1EF21D81487D4
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01294AE3), ref: 01294BCC
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01294AE3), ref: 01294BEC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WINPR_NATIVE_SSPI
                                                          • API String ID: 1431749950-1020623567
                                                          • Opcode ID: 7d523188756b54ce7f0fde0861e5b6f6481809a7b1de1fc13b953686b5112838
                                                          • Instruction ID: 64d0d46db3f495658c61f77b2477b5538b657a070be1ce5db87498d4157ac0dd
                                                          • Opcode Fuzzy Hash: 7d523188756b54ce7f0fde0861e5b6f6481809a7b1de1fc13b953686b5112838
                                                          • Instruction Fuzzy Hash: 60F0E2366751B32AEA35316D7D49F3F5EA8CB9AF65B20012DF601E31C5C94054438BE1
                                                          APIs
                                                          • rfx_context_new.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 0125A2ED
                                                            • Part of subcall function 0124E4DD: GetVersionExA.KERNEL32(?), ref: 0124E5CD
                                                            • Part of subcall function 0124E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0124E5E7
                                                            • Part of subcall function 0124E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0124E612
                                                          • progressive_context_free.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 0125A36D
                                                          Strings
                                                          • com.freerdp.codec.progressive, xrefs: 0125A2CA
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                                          • String ID: com.freerdp.codec.progressive
                                                          • API String ID: 2699998398-3622116780
                                                          • Opcode ID: e709de3ff62ff0284c5e1d743fea5f074a8f8be4b80a4b9ee2de8f581832198a
                                                          • Instruction ID: efccf25c480ab93e8a3e4e6051bfec4e2f8eb332278c853c16a1e9d5b54c840c
                                                          • Opcode Fuzzy Hash: e709de3ff62ff0284c5e1d743fea5f074a8f8be4b80a4b9ee2de8f581832198a
                                                          • Instruction Fuzzy Hash: 0DF0E932A157032AF3247B79A842F5B7BD8EF53A74F14012EFB08AB581DAB094018264
                                                          APIs
                                                          • freerdp_settings_get_key_for_name.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(?), ref: 01241EEF
                                                          • freerdp_settings_get_type_for_key.NLOYWBVDYUZSPALCELRQAZDXTEXSAOR-ELEVATE(00000000), ref: 01241F51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                                          • String ID: TRUE
                                                          • API String ID: 1888880752-3412697401
                                                          • Opcode ID: f78c12483b5cb92907dc6f1273e93881eab3d247f11e8c6a063373b5216eb0b5
                                                          • Instruction ID: 767d7c24dc1377a5295bf37f77f773cb0c12b9533fc54418e14144216359b678
                                                          • Opcode Fuzzy Hash: f78c12483b5cb92907dc6f1273e93881eab3d247f11e8c6a063373b5216eb0b5
                                                          • Instruction Fuzzy Hash: 69E0E536320316ABDA199A9EFC86EAB365CFB65D61B120029FA0856501E760E85146E0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: bfadf39c75b21e0a509245c80127545c8d15f2b0b617da39ba044907a11360a3
                                                          • Instruction ID: dc371403b1559a8813b1a9ab6a0a794e4bcbd21c1b4662b8f481b267c0a88d91
                                                          • Opcode Fuzzy Hash: bfadf39c75b21e0a509245c80127545c8d15f2b0b617da39ba044907a11360a3
                                                          • Instruction Fuzzy Hash: D0F05EB141021B7BDB116FA58C85DAB7A9DEF25158B450024FE0452211E735E921CAE4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: 71ee6197b61ef65f17e5954b7aaa221dc91ba713f6698d0c251482c3d57b96e3
                                                          • Instruction ID: c0c381ce35b51aedbe49008e93a2a2e8422b18a5132a2c5b629ff704b24459d1
                                                          • Opcode Fuzzy Hash: 71ee6197b61ef65f17e5954b7aaa221dc91ba713f6698d0c251482c3d57b96e3
                                                          • Instruction Fuzzy Hash: 9FF0BEB141020B7BCB10AEA58C40DAB7A9DEF25158B450034FE0452311E725EC31CAE4
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01297163), ref: 01297190
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01297163), ref: 012971B1
                                                            • Part of subcall function 01297310: LoadLibraryA.KERNEL32(?,?,012971C4,00000000,?,?,01297163), ref: 01297316
                                                            • Part of subcall function 01297310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0129732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                                          • String ID: WTSAPI_LIBRARY
                                                          • API String ID: 3590464466-1122459656
                                                          • Opcode ID: 9cda12af4585ee39e0a38d10d33c0e6a7a08ecddda6eb4eaac5414ee3a3758da
                                                          • Instruction ID: 82a8b3b7deb07d9c402eb3bd5e5f40efe8a4372a4b3f3d1dac98cea73ff2366a
                                                          • Opcode Fuzzy Hash: 9cda12af4585ee39e0a38d10d33c0e6a7a08ecddda6eb4eaac5414ee3a3758da
                                                          • Instruction Fuzzy Hash: 7BE09B361356232BDB31269DBC0DFAF3A69DBC2B6DF64011DF500661C49B5054069BA6
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?,?,012971C4,00000000,?,?,01297163), ref: 01297316
                                                          • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0129732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitWtsApi
                                                          • API String ID: 2574300362-3428673357
                                                          • Opcode ID: bbaa594504dc9c6bf482074e8b76b14bd9492465c6f7cafc62189bfd2e4a632d
                                                          • Instruction ID: c64984737e102e41c6eef900bfc4a0c9415370b6d876d82ec3f0d6b59355b6aa
                                                          • Opcode Fuzzy Hash: bbaa594504dc9c6bf482074e8b76b14bd9492465c6f7cafc62189bfd2e4a632d
                                                          • Instruction Fuzzy Hash: 05D05B316647069BDF30AFFAEC065163FDDD7446497055875EE1DC5144EB71C1209B90
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,012EB650,01440388,0000000C), ref: 012FF430
                                                          • SetLastError.KERNEL32(00000000), ref: 012FF4D2
                                                          • GetLastError.KERNEL32(00000000,?,012E5FDD,012FF0E3,?,?,0128F77A,0000000C,?,?,?,?,012027D2,?,?,?), ref: 012FF581
                                                          • SetLastError.KERNEL32(00000000,00000006), ref: 012FF623
                                                            • Part of subcall function 012FF066: HeapFree.KERNEL32(00000000,00000000,?,012E5F2D,?,?,?,0128FA9A,?,?,?,?,?,0120293F,?,?), ref: 012FF07C
                                                            • Part of subcall function 012FF066: GetLastError.KERNEL32(?,?,012E5F2D,?,?,?,0128FA9A,?,?,?,?,?,0120293F,?,?), ref: 012FF087
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1657553180.0000000000C21000.00000040.00000001.01000000.00000006.sdmp, Offset: 00C20000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_c20000_nloywbvdyuzspalcelrqazdxtexsaor-elevate.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$FreeHeap
                                                          • String ID:
                                                          • API String ID: 3197834085-0
                                                          • Opcode ID: 6a3023ceca3fb1f82ce57db52c4e02dffb0a24b0ebae43dbe9afd2821a8cba9a
                                                          • Instruction ID: dfc5b80b4dfa278c3a79de6b8d5883d31c1c70f76066bac29cb7240fb1019c57
                                                          • Opcode Fuzzy Hash: 6a3023ceca3fb1f82ce57db52c4e02dffb0a24b0ebae43dbe9afd2821a8cba9a
                                                          • Instruction Fuzzy Hash: 3441D77B6253136FE7363A7CBE89D2AB6C8AF14769F14027CFB20961D6EB50C8018650

                                                          Execution Graph

                                                          Execution Coverage:0.5%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:77
                                                          Total number of Limit Nodes:6

                                                          Control-flow Graph

                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?), ref: 02532B13
                                                          • GetProcAddress.KERNELBASE(?,0250CFF9), ref: 02532B31
                                                          • ExitProcess.KERNEL32(?,0250CFF9), ref: 02532B42
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000,00000004,?,00000000), ref: 02532B90
                                                          • VirtualProtect.KERNELBASE(00DE0000,00001000), ref: 02532BA5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.000000000250D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                          • String ID:
                                                          • API String ID: 1996367037-0
                                                          • Opcode ID: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction ID: e3938d48c6732bd86530abfcc945211298ba0f09f287c68e92dac619ba0daa5d
                                                          • Opcode Fuzzy Hash: 9173673b5b8ef55a4d0515196a62ce7cc8b2d3ab3b3781f9ddf1fbdab8f5e92d
                                                          • Instruction Fuzzy Hash: 8C51F572610B125BE7324EB8CCC07A4BB95FB41224F181B38DDE2D72C6E7E45C0687A8

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 014BF42C: GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                            • Part of subcall function 014BF42C: SetLastError.KERNEL32(00000000,00000006), ref: 014BF623
                                                          • CloseHandle.KERNEL32(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB711
                                                          • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB727
                                                          • RtlExitUserThread.NTDLL(?,?,?,014AB817,?,?,014AB689,00000000), ref: 014AB730
                                                          • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 014AB76E
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                                          • String ID:
                                                          • API String ID: 1062721995-0
                                                          • Opcode ID: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction ID: 24bcf1241f73a6f9d5c3834d3ec05c3beb032fd50a4cbaa5a261546cbe44cd27
                                                          • Opcode Fuzzy Hash: 2fd308f7b6b05e4d791c0ab7d1288c6aef252d971dfdf95219fff07550e36921
                                                          • Instruction Fuzzy Hash: 3311D6B5500214BBD7209B6ADC04E9B7FE8DFA0760F59412AFA19CB3B1DB70D905C7A0

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(01600388,0000000C), ref: 014AB63E
                                                          • RtlExitUserThread.NTDLL(00000000), ref: 014AB645
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorExitLastThreadUser
                                                          • String ID:
                                                          • API String ID: 1750398979-0
                                                          • Opcode ID: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction ID: 3468c4b2e2b220af5e3bee3b94d4aaa1ac2a0cb2f9a7761cd8e025ff6a13ab05
                                                          • Opcode Fuzzy Hash: 87173ed42973fb33626ae3532110bc9fdea896bd8d8eef480a9251f6c8611eb4
                                                          • Instruction Fuzzy Hash: C1F0C2B5A00206DFDB15AFB1C849BAF7BB4EF30A10F55015EE406DB2B2CB345941CBA1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014542FB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                                          • API String ID: 689400697-3301108232
                                                          • Opcode ID: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction ID: 801ee606d2970ab679cd941bf17cfdd0c3af973a1d87d097b2c4991d50f39215
                                                          • Opcode Fuzzy Hash: 1f604a01b05b3ce669045890f44420fd0aac548aa3d9cd20cc584c0a4cedc7c5
                                                          • Instruction Fuzzy Hash: 591126353803417BEB265A17AC42E2B3F9CF7A5A20F04401ABE00AD1F2E961DA50C760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014543BE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                                          • API String ID: 689400697-3976766517
                                                          • Opcode ID: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction ID: 26e513e13f484987e1d46c8d96563fd422ea28e630b437a1bbeeb9dc246c18a8
                                                          • Opcode Fuzzy Hash: b85e7a7fdbdc7ee31b1dcdf41892ef4a541cf403ff8605243bf333a1764dbb91
                                                          • Instruction Fuzzy Hash: 6011CB753C43457BE7615E57EC06E2B3E9CF765A20F04406AFE00AD1F1E971D9509760
                                                          APIs
                                                          • crypto_cert_fingerprint.GETSCREEN-456311346-X86(?), ref: 013F5E1C
                                                            • Part of subcall function 013F576E: crypto_cert_fingerprint_by_hash.GETSCREEN-456311346-X86(?,sha256), ref: 013F5779
                                                          • crypto_cert_issuer.GETSCREEN-456311346-X86(?), ref: 013F5E30
                                                          • crypto_cert_subject.GETSCREEN-456311346-X86(?,?), ref: 013F5E3A
                                                          • certificate_data_new.GETSCREEN-456311346-X86(?,?,00000000,00000000,00000000,?,?), ref: 013F5E4A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                                          • String ID:
                                                          • API String ID: 1865246629-0
                                                          • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction ID: 1630365d8a9fedded445624c4c2fe7e06189de914b64cf3b9b01536dfad0b12b
                                                          • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                                          • Instruction Fuzzy Hash: B2E04F75101209BFDF122F6EDC04C9F7EADEF956E8B14812DBE0856130DA71CD1196A0

                                                          Control-flow Graph

                                                          [Control-flow graph: block 1457449-145745b (LoadLibraryA) branches to 145745d or to 145745e-14578e4 (GetProcAddress * 63, call 146001b)]
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,01457168), ref: 0145744E
                                                          • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0145746B
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0145747D
                                                          • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0145748F
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 014574A1
                                                          • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 014574B3
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 014574C5
                                                          • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 014574D7
                                                          • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 014574E9
                                                          • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 014574FB
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0145750D
                                                          • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0145751F
                                                          • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01457531
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01457543
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01457555
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01457567
                                                          • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01457579
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0145758B
                                                          • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0145759D
                                                          • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 014575AF
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 014575C1
                                                          • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 014575D3
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 014575E5
                                                          • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 014575F7
                                                          • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01457609
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                                          • API String ID: 2238633743-2998606599
                                                          • Opcode ID: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction ID: 83d468cc866cb106209045a3448907df60dd8af8f41ffcdcb28a25e61a403dac
                                                          • Opcode Fuzzy Hash: b38f5f2a0de4a089c1fdf8598ce5f7d8b52a38f8aa700efad22b506307645337
                                                          • Instruction Fuzzy Hash: FBB12BB4D84365EECB3B5F76AC4A84A3FA3F784674340C81AA4845A399DF756050DFE0

                                                          Control-flow Graph

                                                          APIs
                                                          • freerdp_error_info.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441519
                                                          • freerdp_get_error_info_string.GETSCREEN-456311346-X86(00000000,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144155D
                                                          • freerdp_reconnect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441601
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,014414DF,?,00000000), ref: 01441611
                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,014414DF,?,00000000), ref: 0144167E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                                          • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                                          • API String ID: 968149013-2963753137
                                                          • Opcode ID: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction ID: e5226e1ebe6845ab5bee082131f0aefef12c1a98623fca16d043a9162a0ad16a
                                                          • Opcode Fuzzy Hash: 5c6f017b3629e420895e74baeb906e634af6735e237470b9ef15197c0d6e955b
                                                          • Instruction Fuzzy Hash: 9051BA71740306B7FF226A2AEC52F6A2B98BB20F24F18401FF604FA2D1DA75D5D14755

                                                          Control-flow Graph

                                                          APIs
                                                          • gdi_get_pixel_format.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140A8B3
                                                          • gdi_free.GETSCREEN-456311346-X86(?,?,?,?,?,0140A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0140AA40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_freegdi_get_pixel_format
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                                          • API String ID: 1251975138-534786182
                                                          • Opcode ID: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction ID: a6a2f6e96402a035eb04299c68f128198f43fdf05f281c5f424821c8b48822e6
                                                          • Opcode Fuzzy Hash: e92c93c9636338cc8da14aa4f19c000156bc88e9ea0cc3aa3618ab922b56dd54
                                                          • Instruction Fuzzy Hash: DA418675600703AFDB16AF3ADC41B5A77E5BF24214F14843EF5589B2E1EF31A8918B50

                                                          Control-flow Graph

                                                          APIs
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,?), ref: 01446D79
                                                          • _strlen.LIBCMT ref: 01446DF4
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446E1D
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01446F6F
                                                          • freerdp_device_collection_add.GETSCREEN-456311346-X86(?,00000000), ref: 01447044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_device_collection_add$_strlen
                                                          • String ID: drive$parallel$printer$serial$smartcard
                                                          • API String ID: 2230162058-807955808
                                                          • Opcode ID: 887c39cfa5a16e9dd53710e5ca39a4a924d6a6da4d4a487f672658afd03471a3
                                                          • Instruction ID: 6302e73b6f82dfc24ceabf1e6b7b7fc2ba88ee376254cd675c39dfc39cfafee2
                                                          • Opcode Fuzzy Hash: 887c39cfa5a16e9dd53710e5ca39a4a924d6a6da4d4a487f672658afd03471a3
                                                          • Instruction Fuzzy Hash: 88B1B3715042039BEF15AF1AC85199E7BA5FF36310B16806FF9049F272EF32D9528B90

                                                          Control-flow Graph

                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0F64
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0F79
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                                          • API String ID: 3168844106-1571615648
                                                          • Opcode ID: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction ID: 0d002d4934c931f47bb84ec789f9e10d089ffabf4e35f384b9b5caa766507741
                                                          • Opcode Fuzzy Hash: 410838555340992d63afda90b0f419c2dddc75e8d638a77ea00f5fc15ffeaf67
                                                          • Instruction Fuzzy Hash: 5B41E772A44306ABEB19EF6AEC45B597BE8FF18B28F10401DF618FB191DB74A500CB54

                                                          Control-flow Graph

                                                          APIs
                                                          • _strlen.LIBCMT ref: 014042FA
                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01404320
                                                          • GetFileSize.KERNEL32(00000000,?), ref: 0140433A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreateSize_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 2645226956-2916857029

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Control-flow graph (node and edge data omitted); calls: RtlEnterCriticalSection, RtlLeaveCriticalSection
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 013D0D92
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 013D0DB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                                          • API String ID: 3168844106-4217659166
                                                          APIs
                                                          Strings
                                                          • YUV buffer not initialized! check your decoder settings, xrefs: 014D5F1A
                                                          • avc444_ensure_buffer, xrefs: 014D5F1F
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 014D5F24
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                                          • API String ID: 733272558-18228272
                                                          APIs
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,00000400,00000001), ref: 014D3B87
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000401,00000000), ref: 014D3BB7
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000404,?), ref: 014D3BDB
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000402,00000000), ref: 014D3BFA
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000014,?), ref: 014D3C12
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,000006C1,?), ref: 014D3C2B
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000403,?), ref: 014D3C44
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000015,00000000), ref: 014D3C60
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,00000013,?), ref: 014D3C82
                                                          • freerdp_target_net_addresses_free.GETSCREEN-456311346-X86(?), ref: 014D3C93
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                                          • String ID:
                                                          • API String ID: 949014189-0
                                                          APIs
                                                            • Part of subcall function 01455CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01481701,00000001), ref: 01455CF9
                                                          • zgfx_context_new.GETSCREEN-456311346-X86(00000000), ref: 01481874
                                                            • Part of subcall function 014D693A: zgfx_context_reset.GETSCREEN-456311346-X86(00000000,00000000,00000000,?,01481879,00000000), ref: 014D6964
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                                          • API String ID: 3732774510-3243565116
                                                          APIs
                                                            • Part of subcall function 01456B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0140E59B,00000001,00006060,00000010), ref: 01456B3E
                                                          • GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 0140E6DC
                                                          • CreateThreadpool.KERNEL32(00000000), ref: 0140E6E2
                                                          Strings
                                                          • com.freerdp.codec.rfx, xrefs: 0140E530
                                                          • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0140E605
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                                          • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                                          • API String ID: 3882483829-2530424157
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8B2
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0144E8D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                                          • API String ID: 1431749950-225596728
                                                          • Opcode ID: 0c5a57786b9623b513b2b43500125aaf4936e57bcc8789406ded0c8cb702d3b2
                                                          • Instruction ID: c0da88dfa3fba6c8a61a4f38c54ddb40546a5f9f170b298156cfb94ba7c53ab3
                                                          • Opcode Fuzzy Hash: 0c5a57786b9623b513b2b43500125aaf4936e57bcc8789406ded0c8cb702d3b2
                                                          • Instruction Fuzzy Hash: 1921363A2883136AB2657277AC5AE3F0B58FBB2874395002FF105B90E1EEB4840142B1
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013D48D9
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 013D498F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: freerdp_set_last_error_ex
                                                          • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                                          • API String ID: 270715978-29603548
                                                          • Opcode ID: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction ID: ddfce339aa7d813d48897b1a0c9e789906fadbd9cdda00000164fdea492be788
                                                          • Opcode Fuzzy Hash: 6414ef3876fd192b8e82dcb0a6a865079207f255a9e1e9be2e031e7d476470d3
                                                          • Instruction Fuzzy Hash: FC21EAB3A40305B7EB106A5AEC46FEB7F68BB11A18F04405EFD087E181EAB09540CAA1
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D58FA
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(00000001,00000000,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D5902
                                                          • audio_format_compatible.GETSCREEN-456311346-X86(014D5425,?,?,?,?,014D5425,?,?,?,?,00000000,?), ref: 014D594D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string$audio_format_compatible
                                                          • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                                          • API String ID: 204136587-155179076
                                                          • Opcode ID: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction ID: 0bc40f687a41c31b6a261efadedb60204b85edba31578a68adea34d755a09cb9
                                                          • Opcode Fuzzy Hash: 7ec05f7492e93af0fe852c4a1e9874f5d2a3e55100329b17e9ad8fb2a59b3a12
                                                          • Instruction Fuzzy Hash: AE21CBB2AC43026AFA245B6AAC66F7723E8AB35674F10001FFB44EE1D0F971A4414269
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(secur32.dll,?,01454AEC), ref: 01454B18
                                                          • LoadLibraryA.KERNEL32(security.dll,?,01454AEC), ref: 01454B28
                                                          • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01454B42
                                                          • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01454B51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                                          • API String ID: 2574300362-4081094439
                                                          • Opcode ID: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction ID: e83fbe2b0f4a28122cc68ab774060f5c66925c26af8b1b2e8e04a021b24a5641
                                                          • Opcode Fuzzy Hash: 9d662f8efd90c5f73aa4dc8007249b8347428a08d8d0d6a9aa7c2cfe72b62988
                                                          • Instruction Fuzzy Hash: 87F08977D50366979767EBBEBC0091B3EE8AB885603094257DC44DB219FE71D8418FA0
                                                          APIs
                                                          • ber_read_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E502A
                                                          • ber_read_length.GETSCREEN-456311346-X86(?,?), ref: 013E503F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: ber_read_lengthber_read_universal_tag
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                                          • API String ID: 3186670568-2454464461
                                                          • Opcode ID: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction ID: 775f3f16fd2e32ff0f1c9e73508a0feda40099f63b4c241244c4e3901400bb4c
                                                          • Opcode Fuzzy Hash: 55cb7b8097dcabb80e1000226d7830e2f81ee0c4c3755af6e713c3b8cb50a98e
                                                          • Instruction Fuzzy Hash: 2A4146B57043219BEF219E2ACC85B293BE5EF6162DF04816EF555AA2C5E638E500CB60
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,?), ref: 01429C6E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: region16_rects
                                                          • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                                          • API String ID: 844131241-2640574824
                                                          • Opcode ID: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction ID: 7fb2c620f2a44eefe405eb775ee1ece780a5a2dd81906016c23d01bbd6cb2dbc
                                                          • Opcode Fuzzy Hash: febd790eab2eb9e57eb45dd080b97b096ff9df2f669dd1c700332c25bc14cc8f
                                                          • Instruction Fuzzy Hash: 7D31E6B178071276FB31AB5AEC43F7622C9FB24B25F60011FF504AD2D0EEB599815351
                                                          APIs
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C14
                                                          • clearChannelError.GETSCREEN-456311346-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013C2C1B
                                                            • Part of subcall function 013C26E1: ResetEvent.KERNEL32(?), ref: 013C270A
                                                            • Part of subcall function 013D8142: ResetEvent.KERNEL32(?,?,013C2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013D814E
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2BFC
                                                          • freerdp_connect, xrefs: 013C2C01
                                                          • ConnectionResult, xrefs: 013C3077
                                                          • freerdp, xrefs: 013C3062
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                                          • API String ID: 3632380314-3564821047
                                                          • Opcode ID: c2697b0dd1c6c46740dab38af9899a5e52c1786a65d6531a77a93d9d5ceef062
                                                          • Instruction ID: 0e745c90664920119629e9bd174fb47e4af4ab1ce1ed60466c94ad93ace6b1a6
                                                          • Opcode Fuzzy Hash: c2697b0dd1c6c46740dab38af9899a5e52c1786a65d6531a77a93d9d5ceef062
                                                          • Instruction Fuzzy Hash: 7B31B071A00206AFEB10DF7DD884BAABBE8BF18748F14406DE904DB291DB719D54CB50
                                                          APIs
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5415
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000001,?,00000002,00000000), ref: 013E541D
                                                          • ber_write_universal_tag.GETSCREEN-456311346-X86(?,00000002,00000000), ref: 013E5440
                                                          • ber_write_length.GETSCREEN-456311346-X86(?,00000002,?,00000002,00000000), ref: 013E5448
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Similarity
                                                          • API ID: ber_write_lengthber_write_universal_tag
                                                          • String ID:
                                                          • API String ID: 1889070510-0
                                                          • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction ID: c7e4b95c60e65e236a67edd6ef961486f496aafaec9b1832bbdd8e26500e2378
                                                          • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                                          • Instruction Fuzzy Hash: FD21D639301764EFDB125B08CD45B5A77E5EF21B0DF058459F94B6BAC2C271AA01CFA1
                                                          APIs
                                                          • glyph_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB79
                                                          • brush_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB86
                                                          • pointer_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECB94
                                                          • bitmap_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBA2
                                                          • offscreen_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBB0
                                                          • palette_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBBE
                                                          • nine_grid_cache_new.GETSCREEN-456311346-X86(?), ref: 013ECBCC
                                                          • cache_free.GETSCREEN-456311346-X86(00000000), ref: 013ECBDE
                                                          Similarity
                                                          • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                                          • String ID:
                                                          • API String ID: 2332728789-0
                                                          • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction ID: 931d3088dd2e05e2c8aa24e4c96dcc0cd4bf361fb840555baa5f6e6bae05a92b
                                                          • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                                          • Instruction Fuzzy Hash: 3101D636148B279AFB25AA7E9854D7F7FEC8F52978710443FE580D69C0EF20D001A270
                                                          APIs
                                                          • region16_init.GETSCREEN-456311346-X86(?), ref: 0140F58A
                                                          Similarity
                                                          • API ID: region16_init
                                                          • String ID:
                                                          • API String ID: 4140821900-0
                                                          • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction ID: 65a494be31e174ec0db6009bad5333930b4155cf5084c150f2ceab2002361bdc
                                                          • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                                          • Instruction Fuzzy Hash: B8516E72D0022A9BDB15DFAAC8809EEBBF9FF58304F04452EF519E7290E7359945CB60
                                                          APIs
                                                          • gdi_CreateCompatibleDC.GETSCREEN-456311346-X86(?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?,?,?,?,?,0140A899), ref: 0140AAE7
                                                          • gdi_CreateCompatibleBitmap.GETSCREEN-456311346-X86(?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB0E
                                                          • gdi_CreateBitmapEx.GETSCREEN-456311346-X86(?,?,?,?,?,?,00000000,?,?,?,0140A9C7,00000000,?,?,?,?), ref: 0140AB2A
                                                          • gdi_SelectObject.GETSCREEN-456311346-X86(?,?), ref: 0140AB60
                                                          • gdi_CreateRectRgn.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000), ref: 0140ABA5
                                                          • gdi_DeleteObject.GETSCREEN-456311346-X86(?), ref: 0140AC39
                                                          • gdi_DeleteDC.GETSCREEN-456311346-X86(?), ref: 0140AC48
                                                          Similarity
                                                          • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                                          • String ID:
                                                          • API String ID: 412453062-0
                                                          • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction ID: 63cce1f074c9c2ece95f02c5a47f327dcea178baf18e8a1846ec8f6c2618cfc9
                                                          • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                                          • Instruction Fuzzy Hash: 2A5128752007059FD725DF2AC884EA6BBE0FF2C310B1545BEE98A8BB61E771E8418F40
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01456939,?,?,?,?,01456A0A,?), ref: 0145EABD
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EAE7
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB14
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01456939,?,?,?,?,01456A0A,?,?,00000000), ref: 0145EB37
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                                          • API String ID: 1431749950-2760771567
                                                          • Opcode ID: 86fb8735f27ab89b3485e2775de303ba9cfb0405f4cf7149e9f5d53a4425995d
                                                          • Instruction ID: f032d0a4054cd2d9d44dea8f28ec7f1cce16725b61798384a81de61c16fc6368
                                                          • Opcode Fuzzy Hash: 86fb8735f27ab89b3485e2775de303ba9cfb0405f4cf7149e9f5d53a4425995d
                                                          • Instruction Fuzzy Hash: 4B31D471A05612BB9765AB6A994886FFF68FF60669310001FFD01BB622DB309A11C7B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48F0A
                                                          • GetLastError.KERNEL32 ref: 00E48F38
                                                          • TlsGetValue.KERNEL32 ref: 00E48F46
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48F4F
                                                          • RtlAcquireSRWLockExclusive.NTDLL(01681284), ref: 00E48F61
                                                          • RtlReleaseSRWLockExclusive.NTDLL(01681284), ref: 00E48F73
                                                          • TlsSetValue.KERNEL32(00000000,?,?,00000000,00E2B080), ref: 00E48FB5
                                                          Similarity
                                                          • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                          • String ID:
                                                          • API String ID: 389898287-0
                                                          • Opcode ID: 295766fb5ad82d29be68130acd63ab8a43a3c2a5d45fdd171d3ebe8d990bf639
                                                          • Instruction ID: fad47223a4868ff03d85b04c58cac2e6c68784c46ffecd15b43261177da04362
                                                          • Opcode Fuzzy Hash: 295766fb5ad82d29be68130acd63ab8a43a3c2a5d45fdd171d3ebe8d990bf639
                                                          • Instruction Fuzzy Hash: B9214370B00209AFDB206FA5FD08BAE3BA9FF16700F485025FC05EA250DB319814CBA1
                                                          APIs
                                                          • socket.WS2_32(00000002,00000002,00000011), ref: 0145F673
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F68A
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01456921,?,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145F6AB
                                                          • closesocket.WS2_32(?), ref: 0145F6E6
                                                          Similarity
                                                          • API ID: EnvironmentVariable$closesocketsocket
                                                          • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                                          • API String ID: 65193492-3368084233
                                                          • Opcode ID: ea1156f12e63edacac769c7ded38fd3dbdb8ff9e933ea4facae164432915bac7
                                                          • Instruction ID: 17b01501afa3be7be4f2edda91fdc002c941a452b7918c3626a3bbbaed71e9f2
                                                          • Opcode Fuzzy Hash: ea1156f12e63edacac769c7ded38fd3dbdb8ff9e933ea4facae164432915bac7
                                                          • Instruction Fuzzy Hash: 6821D131144B026BE3745F7A9C48A177BE4FF50728F14041FFA46DE6B2EBB1A40A8766
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(winsta.dll,?,014578D9,01707120), ref: 01460023
                                                          • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0146003C
                                                          • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 01460052
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$LibraryLoad
                                                          • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                                          • API String ID: 2238633743-2382846951
                                                          • Opcode ID: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction ID: 47547d2603e1bed6475c1b767f63b438f61cadba3f767a2592c313bd1bee8347
                                                          • Opcode Fuzzy Hash: a57336129fd8c1e797d9068119e7a1dc2049dbbbf16aa01dae1cb540517b3af0
                                                          • Instruction Fuzzy Hash: AF0108B0641345CFD7189FB5A84DAA63BE8FB04269F1984BAF449CF276DB3180449F16
                                                          APIs
                                                          • glyph_cache_free.GETSCREEN-456311346-X86(?), ref: 013ECB1E
                                                          • brush_cache_free.GETSCREEN-456311346-X86(?,?), ref: 013ECB26
                                                          • pointer_cache_free.GETSCREEN-456311346-X86(?,?,?), ref: 013ECB2E
                                                          • bitmap_cache_free.GETSCREEN-456311346-X86(?,?,?,?), ref: 013ECB36
                                                          • offscreen_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 013ECB3E
                                                          • palette_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?), ref: 013ECB46
                                                          • nine_grid_cache_free.GETSCREEN-456311346-X86(?,?,?,?,?,?,?), ref: 013ECB4E
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                                          • String ID:
                                                          • API String ID: 637575458-0
                                                          • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction ID: eb2dd1d02b59838bb7eb51089abe99d7514c15e5564523632b10bd41828a80a3
                                                          • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                                          • Instruction Fuzzy Hash: DDE0E531401726ABCE323F66DC05C4EBBE6AF316557044539F599255F5CB32AC60AE90
                                                          APIs
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0142E040
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E04F
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0142E062
                                                          • gdi_RgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?), ref: 0142E0A3
                                                          • gdi_CRgnToRect.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?), ref: 0142E0C8
                                                          • gdi_RectToCRgn.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0142E147
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-0
                                                          • Opcode ID: a3a7d0ad135b2cfd4d15dbf644689b296090ff4c71d1344597e6f1e88fc19bb0
                                                          • Instruction ID: 756d97d02f74bfbc78f715e30cc7d91a4d2c4925ae87c63319c0986455ab509d
                                                          • Opcode Fuzzy Hash: a3a7d0ad135b2cfd4d15dbf644689b296090ff4c71d1344597e6f1e88fc19bb0
                                                          • Instruction Fuzzy Hash: E351C675D01229EFCF14CF99C9808EEBBB9FF58710B64442AE515B7260D771AA81CFA0
                                                          APIs
                                                          • freerdp_settings_set_uint32.GETSCREEN-456311346-X86(?,000007C0,?), ref: 01401DA2
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000001), ref: 01401DCC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401DE8
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401DFC
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C8,00000000), ref: 01401E19
                                                          • freerdp_settings_set_bool.GETSCREEN-456311346-X86(?,000007C9,00000000), ref: 01401E2D
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                                          • String ID:
                                                          • API String ID: 4272850885-0
                                                          • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction ID: d86f256e1ec58938df693eee72d9be9fc9b38679009714614028b69e9d8dbdf4
                                                          • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                                          • Instruction Fuzzy Hash: 1D118262F8521375F962206E4C89F6F269D4F61F68F040036FB0CA52D0E9B5EE0284E6
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01428C2B
                                                          Strings
                                                          • 1bpp and 4bpp icons are not supported, xrefs: 01428DB5
                                                          • com.freerdp.color, xrefs: 01428D98
                                                          • freerdp_image_copy_from_icon_data, xrefs: 01428DBA
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01428DBF
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                                          • API String ID: 1523062921-332027372
                                                          • Opcode ID: 38e65d163116504b8133d7dd7f3c42a1c77b62dc7aa276c4dba80607b71b78bd
                                                          • Instruction ID: 3e8734f0fe218989872b75f088aa77824274f8685af4c444c10b5c45e88574e3
                                                          • Opcode Fuzzy Hash: 38e65d163116504b8133d7dd7f3c42a1c77b62dc7aa276c4dba80607b71b78bd
                                                          • Instruction Fuzzy Hash: C051CBB250022E9ADF149F19CC51BFE7BE8FF54210F4481AEFA14A6290D7708AD5CF64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: kbd-lang-list$kbd-list$monitor-list
                                                          • API String ID: 0-1393584692
                                                          • Opcode ID: 0df955a355f84505175ba7bab9157a3cf44e663fdc24198a7fd789f841570a2d
                                                          • Instruction ID: 5be3d05d838548d23a533bd7c5ba648e184df3f8d6915eef8e391fa211e33e50
                                                          • Opcode Fuzzy Hash: 0df955a355f84505175ba7bab9157a3cf44e663fdc24198a7fd789f841570a2d
                                                          • Instruction Fuzzy Hash: 6331A73294121A9BDB60DAA9DD45DCFB7A8AB25314F4501ABFD08A71F1DA70DA40CAE0
                                                          Strings
                                                          • interleaved_compress, xrefs: 01419AF5
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01419AFA
                                                          • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01419AF0
                                                          • com.freerdp.codec, xrefs: 01419AD0
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                                          • API String ID: 0-4054760794
                                                          • Opcode ID: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction ID: fd67a890ae6bd7bdaf3fc336cf0a18a001f08b64a83d5da8027fa33e69db0340
                                                          • Opcode Fuzzy Hash: abc746559ef8b3e5d1f734292fcbf3376badf65f2d9c508c2d1687b8dc4f3aa3
                                                          • Instruction Fuzzy Hash: 1321C272300206BFFF259E5ADC55FAB3F58FB14698F04412AFA049A278E775E850CB51
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453DA3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                                          • API String ID: 689400697-1744466472
                                                          • Opcode ID: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction ID: bacce5039a0f70701a0121f96dbd5e9ded2074cfa8bc0c97107106bd2947878e
                                                          • Opcode Fuzzy Hash: 503e2d5b8b1829c5c6f340a1d7e57708851627b6af81fb659d2e25d4412ea010
                                                          • Instruction Fuzzy Hash: 5721C936280345BBEF225E56EC02DAF3FA9FB54760F044059FF04691B1D672D961E760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                                          • API String ID: 689400697-743139187
                                                          • Opcode ID: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction ID: 199f08b490cf3c6d068cd088989d832c64d44411d653f1a2c668b6ce296409e3
                                                          • Opcode Fuzzy Hash: 244475a0d53a8c16d50b751331d845bbbdb3f96a180fb5aa42fcadbfe2ed436f
                                                          • Instruction Fuzzy Hash: 3821F672280245BBEF665F56DC02EAB3F79FB64B60F04014AFF00690B1CA72D961D760
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D11FA
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D1248
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelDetached$freerdp
                                                          • API String ID: 3987305115-436519898
                                                          • Opcode ID: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction ID: 3f3c184fb11b0f06c2a3a2e62005d59e0e064bd25fcb3ed827db900a49b14c63
                                                          • Opcode Fuzzy Hash: e1499e454b03231cbfd0bb136d8937cdf541f185652e272b2af967cb0b6b06cb
                                                          • Instruction Fuzzy Hash: DA2160B1A00209AFDB10DF98D884FAEBBF8FF18344F104469E944EB251D771AA50DBA0
                                                          APIs
                                                          • _strlen.LIBCMT ref: 013D0B64
                                                          • getChannelError.GETSCREEN-456311346-X86(?), ref: 013D0BB2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ChannelError_strlen
                                                          • String ID: ($ChannelAttached$freerdp
                                                          • API String ID: 3987305115-2646891115
                                                          • Opcode ID: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction ID: 5b0b6be5c3088b5336e9f47c7733356f030f8230205f9a05e80ac45371c62f84
                                                          • Opcode Fuzzy Hash: 0a6bf907b2b70cb591947218505b16bbe63a8acab1640d878548673a9b684e83
                                                          • Instruction Fuzzy Hash: 65213271A00209EFDF15DF98D884FAEBBF4FF08744F104469F948AB251D770AA509BA0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145384E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                                          • API String ID: 689400697-2008077614
                                                          • Opcode ID: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction ID: 69ace837a122421f3a7bab13952847fbf0f25fe228bb54b2609d7dd6aac29221
                                                          • Opcode Fuzzy Hash: 25efce45eb7aed676a5f64afbcac4db0bd234a74a8d6caaa953b64856cad1dda
                                                          • Instruction Fuzzy Hash: 8611E776380345BBEF665F579C06EAB3FA9FB64B60F00405AFE00691F1D972D9209760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014532F9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                                          • API String ID: 689400697-1172745827
                                                          • Opcode ID: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction ID: e3dc7a3a44aaaf6acf5c5711f58c9581a7105bfacf83048e00050da594c111db
                                                          • Opcode Fuzzy Hash: 79df74c9e0bcb1fdb337df1e36f14f0c0282d44834f31da193931c18e5046f49
                                                          • Instruction Fuzzy Hash: 9D11D536380245BBEB265F579C06E6B3FA9FB64760F004059FE00A91A2DE72D96097A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453227
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                                          • API String ID: 689400697-2657764935
                                                          • Opcode ID: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction ID: be7bbce8b430b678da136088a22658ea83e39259ab4195162c817bab9687255f
                                                          • Opcode Fuzzy Hash: ffca248bbd958d11c1d6409a7b329103b3598a8027eb2fcaa56294a889418b1b
                                                          • Instruction Fuzzy Hash: CA11D536380345BBEB225F97AC06EAB3F69FBA47A0F004059FE00691E1D972D920D760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014533CB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                                          • API String ID: 689400697-3640258815
                                                          • Opcode ID: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction ID: 56aa5b78394bec0c15c83cd22573728027fec602c197e525847d96f21e7d139a
                                                          • Opcode Fuzzy Hash: f47291131c09950d81305308458585aa0799b3c68df30f562ede2f30e9c45b9c
                                                          • Instruction Fuzzy Hash: 091108393C03457BEB665E57AC06E2B3F58FB61B60F40406AFF00AA1E1D97299518770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145360B
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                                          • API String ID: 689400697-848437295
                                                          • Opcode ID: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction ID: e2e0f18ea447b93056585a9a0d07bbe26f65dd9e7975ba7288ff9bb1d839e64d
                                                          • Opcode Fuzzy Hash: f71b44463e9c6ca632a1188486992877d580851ff15b1968af2a8faf60a06d8f
                                                          • Instruction Fuzzy Hash: 051104753803457BEB725E57AC06E2B3BACFB61B60F00005EFE04A92E1D972E95087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453548
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                                          • API String ID: 689400697-3257054040
                                                          • Opcode ID: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction ID: 3368ae72fd189e1565ce710289ae94e81e41d396852a0ad5bc391d0a9eebd844
                                                          • Opcode Fuzzy Hash: ddbb72dbb3a7297fd87a569f08314e67ca4ad23db0af7a7c93b0aad3db8cfd23
                                                          • Instruction Fuzzy Hash: 3D11C475380345BBEB765E57AC06F2B3BACFB60B64F00405AFE00AA1E1DD72D9109760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145417E
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                                          • API String ID: 689400697-1164902870
                                                          • Opcode ID: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction ID: 4eb5143b213e64ac487e6faa0af70191060d3955091406da5a9269204ea4358e
                                                          • Opcode Fuzzy Hash: 86c5f801217aa0c637d84d616e33609a4bd3cae0325344791e7c417f202fa6ac
                                                          • Instruction Fuzzy Hash: AA11EB393843457BE7665A57AC06E2B3F6CF765A60F04405EFE00AD1E1ED71DA608770
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014540BB
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                                          • API String ID: 689400697-247170817
                                                          • Opcode ID: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction ID: edfd380c6de2622cd0a25886b5e4dfcc89ac1a58db5ee247c55b32f007776979
                                                          • Opcode Fuzzy Hash: a5a61cee6993e8fe523475963982888d3765816352133584ffe5be5100cbe3fe
                                                          • Instruction Fuzzy Hash: 7B1108353843457BEB626A17AC06E2B3E9CF7A1A21F04405EFE00AD1E1E972D9508370
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454544
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                                          • API String ID: 689400697-1495805676
                                                          • Opcode ID: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction ID: 067ac17e3aef8ff381b8b67cce90c5351a2c8905ddced36d3a7cb2b077b1da02
                                                          • Opcode Fuzzy Hash: 6501ddcedc5f65adc92f9f2b25832103383aff63bdc5e55c2db50be2993e49cf
                                                          • Instruction Fuzzy Hash: 6C110875380345BBFB615A57AC06E6B3FA8F760A20F44405AFF00AE5E1E971D9508764
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454481
                                                          Strings
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                                          • API String ID: 689400697-3834539683
                                                          • Opcode ID: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction ID: 3424168a31d0a9c7e0291bf533b6349aadd5908b50cdec7c837c85f5f6f292db
                                                          • Opcode Fuzzy Hash: 93cc5f7699ba3e0c0df922d0e3d6ab9569f0a2e3fc682ebf01fadf6dd3ab3a50
                                                          • Instruction Fuzzy Hash: 891108753C03457BEB615A57AC02E2B3F58F761A20F04805AFF00AD5E2E971DA60D770
                                                          APIs
                                                          • ncrush_context_reset.GETSCREEN-456311346-X86(00000000,00000000), ref: 01421B36
                                                          Strings
                                                          • ncrush_context_new: failed to initialize tables, xrefs: 01421B0F
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01421B19
                                                          • ncrush_context_new, xrefs: 01421B14
                                                          • com.freerdp.codec, xrefs: 01421AF1
                                                          Similarity
                                                          • API ID: ncrush_context_reset
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                                          • API String ID: 2838332675-904927664
                                                          • Opcode ID: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction ID: 6b6acb0a4fdb79b7bc31d59ab6246d872c390b2ffb17f01fa0000a6c0e4264c0
                                                          • Opcode Fuzzy Hash: 1e302b47c87af03a1215c5286d4857f0032a70921b019e8eab964867c11329cb
                                                          • Instruction Fuzzy Hash: 8E1129B22007033AE705AB17DC41F97BB6CFB20B60F40411EF5149A290EFB2999086A1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453F3E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                                          • API String ID: 689400697-3211427146
                                                          • Opcode ID: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction ID: dd4f6da10cbfe934f116f21eaa88847f26dd3fd8612801cdc2cc1f2f7a277f86
                                                          • Opcode Fuzzy Hash: 96e4944d6e06ab73719109ff7e89fe1441e0d389b26dcd5ff93b9f8f309b8593
                                                          • Instruction Fuzzy Hash: E611EB76384341BBE7625B57AC12E2B3F6DF765B60F00415EFA40AA1E1D971D9108360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453E7E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                                          • API String ID: 689400697-2578917824
                                                          • Opcode ID: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction ID: e64101beeaff6aeec5b05c993ffcfe26bd40f0672d23be24eba929e19164ca13
                                                          • Opcode Fuzzy Hash: bbb181bd06531ccd7dac5d818228e5dc8d2876383ce651b45e51d7d1e559f16d
                                                          • Instruction Fuzzy Hash: 8611EB76380341BBE7625A57AC02E2F3BACF765B71F00415EFA00A91E1D972D9109360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145378E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                                          • API String ID: 689400697-3754301720
                                                          • Opcode ID: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction ID: ff1c6abd658bdf0ef7427c1b7a43b2acd2679de9aa788735e782d63c03a68264
                                                          • Opcode Fuzzy Hash: cec96d05a279358ab10b475523a5ef326a54290e1740bced73ba2eba89a86502
                                                          • Instruction Fuzzy Hash: 3E11C4753803417BE7665B5BAC06E2B3B9CF7A1B60F04405AFE10A91E1D971D95087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014536CE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                                          • API String ID: 689400697-3413647607
                                                          • Opcode ID: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction ID: a6c7bd4fd7231a991ba72acd530ff9d1c58004f43434530fd5ee7496ae417ead
                                                          • Opcode Fuzzy Hash: 99d07ecf36a7e90d863ecde5aee4c35724953abcd883c1d8374d5c6ea931160a
                                                          • Instruction Fuzzy Hash: CC11E7B53803817BE7625A5BEC46E2B3B9CFB61B60F44405EFE00AD1E1D971D9108760
                                                          APIs
                                                          • freerdp_image_copy.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 014295B5
                                                          Strings
                                                          • SmartScaling requested but compiled without libcairo support!, xrefs: 014295E6
                                                          • freerdp_image_scale, xrefs: 014295EB
                                                          • com.freerdp.color, xrefs: 014295C8
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 014295F0
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_image_copy
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                                          • API String ID: 1523062921-212429655
                                                          • Opcode ID: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction ID: eedc5f6e071fa6ba84524288ca06f60671daed6d046b07143421adcccbece671
                                                          • Opcode Fuzzy Hash: b3f0d8b7d78f18a9131946a34291f99612321431ad4a991177f50fc09f028f34
                                                          • Instruction Fuzzy Hash: E121E7B2340209BBEF15DE14CC12FAE3795FB14704F44410AFD049A260E731D5A1DB40
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452FF0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                                          • API String ID: 689400697-1149382491
                                                          • Opcode ID: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction ID: 02ef7bb2c6737a6f07962269954f19d10cd8a75e737bfa82fa6fb86822cef1be
                                                          • Opcode Fuzzy Hash: 1af76a8db532be211a5fdc0657ea6473082dd88a3db211c380280deae39f2658
                                                          • Instruction Fuzzy Hash: 4C1194753843417BE7755A2BAC06E6B3F9CBB61F60F00405AFF04AA1E1D972995092A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01452F33
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                                          • API String ID: 689400697-255015424
                                                          • Opcode ID: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction ID: 4b03805e5dbad31aac37607c56827bf088c79c65b0b44b25af8f142e065f28f6
                                                          • Opcode Fuzzy Hash: 4a1c7693d95a2b4c7409452c167f7dc4d461e1117550881e1c9cd926391752c5
                                                          • Instruction Fuzzy Hash: 8D11C476384341BBE7255657AC16E2B3F9CF765A20F00405BFA04AD1E1D9A299509360
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453920
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                                          • API String ID: 689400697-2845897268
                                                          • Opcode ID: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction ID: ad269b274fbcd56f81ee0bdc69fac9d2b6be523a74ad6ef53c56892623e2e2ff
                                                          • Opcode Fuzzy Hash: f67b7a5058de13935bb27103dc601cf6bb5a837dede88ec5de169c27c5ad56d6
                                                          • Instruction Fuzzy Hash: 92110AB53C03457BF7615A1BAC06E2B7FACFBA0BA0F00415EFA00AE1E1D971D91087A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014539DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                                          • API String ID: 689400697-1972714555
                                                          • Opcode ID: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction ID: befd7519ff75c350919fd037324fe7db6d42781035fa1d1c2ae6007db96cfb99
                                                          • Opcode Fuzzy Hash: daf50e3389473f3a59e65c4f858d18d1d4b8158d7f142ae0ab005b74addeba90
                                                          • Instruction Fuzzy Hash: 1E11CA753C03417BE7655A5BAC16E2B3F6CFBA1B60F00415EFA00AE1E1E9719D1087B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453FFE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                                          • API String ID: 689400697-2156878011
                                                          • Opcode ID: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction ID: 9a8b6b7a661a1306c0bfb262a0d1e6cd535f3783f6be308451dde48636dd093f
                                                          • Opcode Fuzzy Hash: 674543aa227707637710f028dfa3064fbae0a3c222fd7a814551dfd9ff5988c7
                                                          • Instruction Fuzzy Hash: C811CA753803457BE7B5565BAC06F2B3B9CF7A1F24F04415EFA04AE1E2E9A2D95083B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145316A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                                          • API String ID: 689400697-3351603741
                                                          • Opcode ID: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction ID: 56c02abd10f5c35132314d903e73e7efe1bf50f43162c4b3d09317263971ed53
                                                          • Opcode Fuzzy Hash: 08a6709681c36d901a542c501d63930f25adad456389db14afcb80a37ffe27aa
                                                          • Instruction Fuzzy Hash: AB11E7363C03457BE7656B57AC06E2B3F6CF761B60F00405AFE00A91E2D972E9108760
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 014530AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                                          • API String ID: 689400697-2261828479
                                                          • Opcode ID: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction ID: 41d252247832fe8cc28d35a58389de42201eb74eaf1db32a89059f99a7a0fc68
                                                          • Opcode Fuzzy Hash: 51793a9f096ffdbdcfa6b4b41ce7d7a8e043750a028f4a0e58f685fe4e025df9
                                                          • Instruction Fuzzy Hash: 0C11E7653803417BE7615A27AC07E6B3AACF765B60F00405AFA10AA1E2D9A2DA5082B0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453A9A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                                          • API String ID: 689400697-4185332897
                                                          • Opcode ID: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction ID: 9eade1c11960b647454bc1463213784feda400d4cf8cfa2bf080523c0e7d3a1b
                                                          • Opcode Fuzzy Hash: 352e028ffa95922197ac71e95caea3562dc87f3171a2298c8dfacca8b8dda9ba
                                                          • Instruction Fuzzy Hash: 0511C6757803417BE7665A1BAC07E2B3B9CFBA1B60F40415EFA04AA1E2DDA1991086A0
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 0145348E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                                          • API String ID: 689400697-3116451197
                                                          • Opcode ID: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction ID: c8bc451756e359d873216dd3174bf3d10a261ecf92130a7143e706e3fa979e5b
                                                          • Opcode Fuzzy Hash: 62663f0dbe6eab3ae894e164f9391b4513d2bd16bef91fbe3b517d6695a15fa0
                                                          • Instruction Fuzzy Hash: B811C6793C03417BE6765A2BAC07F2B3E9CF7A1B60F44416AFA00AA1E1D971E9508264
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453B54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                                          • API String ID: 689400697-1791514552
                                                          • Opcode ID: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction ID: 3b09d724780f055be0a40d91730d2081f723d5589ec4e32fc032937c991763ff
                                                          • Opcode Fuzzy Hash: 5ec3750403b8aa7f4fd4347fd14e0ab7cd6f3e109c662363be95c03a2d6e4360
                                                          • Instruction Fuzzy Hash: F711CA753803417BE7665A5BAC07E2B3E5CFBA1B60F40409AFA00AE1E2DD61DA1087B4
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01453C0E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                                          • API String ID: 689400697-4242683877
                                                          • Opcode ID: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction ID: 77a0f5b43b68ccf1a1e3443b0254332dd7c20a21a5168e49415e5d1e66dd47f0
                                                          • Opcode Fuzzy Hash: e60ad098f148530a9a69be8d6b28ba8669356d792e5206385a53a8e0be727f57
                                                          • Instruction Fuzzy Hash: 27118A663803417BE6665A1BAC46E6B3F5CF7A1B60F44405EFE00AA1F2D961DA518260
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(017070C8,01454AA1,00000000,00000000), ref: 01454241
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Once$ExecuteInit
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                                          • API String ID: 689400697-954186549
                                                          • Opcode ID: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction ID: ef133af83475c277facec5d01af2c06b80cd73c6a227d6769444818373351191
                                                          • Opcode Fuzzy Hash: 84416c140eea776d4b6ef2c22634e07629c9e86f520886d7c80ce62e9788a761
                                                          • Instruction Fuzzy Hash: 7811E3653843417BF625571BBC06E2B3B9CF7A1AA0F04005EBE00AE1E2E9A19A908660
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D65CB
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 014D6633
                                                          • error when decoding lines, xrefs: 014D6629
                                                          • yuv_process_work_callback, xrefs: 014D662E
                                                          • com.freerdp.codec, xrefs: 014D660B
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: primitives_get
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                                          • API String ID: 2017034601-2620645302
                                                          • Opcode ID: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction ID: d3521c6faee46dec4b8cc3d53f6cfa67f20cc7ed8a2cc5b1f381d88f6f2d11bf
                                                          • Opcode Fuzzy Hash: 5a32ec7c5276a02411430156da0b55e005c8f729135ff9ef2ca69d773e192f1b
                                                          • Instruction Fuzzy Hash: 190196B1A40306AFEB18DF59DC11F5ABBA8FF18614F00415EFA08DA391E775E5408B98
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %zd;NAME=%s%zd;PASS=%s
                                                          • API String ID: 4218353326-3114484625
                                                          • Opcode ID: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction ID: 811317e2f5102232e465694c0a4cc7b0c021710ccf1800947d909e5ffc3fad6c
                                                          • Opcode Fuzzy Hash: bed660dc8c6aae7d3885444ad59dbbca4ec69931807c1d36eb0dc3be92c9c024
                                                          • Instruction Fuzzy Hash: 94016975E00208BFDF14AFE9CD82ADD7BB4EF24204F00886FEE099A321E6759651DB51
                                                          APIs
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429F06
                                                          • region16_extents.GETSCREEN-456311346-X86(?,?), ref: 01429F12
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?,?,?), ref: 01429F1D
                                                          • region16_n_rects.GETSCREEN-456311346-X86(?), ref: 01429F7D
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: region16_extentsregion16_n_rects
                                                          • String ID:
                                                          • API String ID: 2062899502-0
                                                          • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction ID: 57583f0ac1c11f94375199a52b830c45b984012192a16bfdfc0873ba48904430
                                                          • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                                          • Instruction Fuzzy Hash: 4D510975D0012A9BCB14DF9AC8408BEF7F5FF18750B55816AE859E7360E334AE80CBA4
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strncpy
                                                          • String ID:
                                                          • API String ID: 2961919466-0
                                                          • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction ID: bd75df41f64d6d37e0f2746945accb1275dea98b467ebac838425d25c7f9ba9e
                                                          • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                                          • Instruction Fuzzy Hash: 2C1166B9400707BEDB319E65D844B93FBBCEF24208F04492BE59947A21F335A559C7B1
                                                          APIs
                                                          • InitOnceExecuteOnce.KERNELBASE(01681278,00E48C90,00E48EC0,00000000), ref: 00E48E6A
                                                          • GetLastError.KERNEL32 ref: 00E48E7F
                                                          • TlsGetValue.KERNEL32 ref: 00E48E8D
                                                          • SetLastError.KERNEL32(00000000), ref: 00E48E96
                                                          • TlsAlloc.KERNEL32 ref: 00E48EC3
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastOnce$AllocExecuteInitValue
                                                          • String ID:
                                                          • API String ID: 2822033501-0
                                                          • Opcode ID: 243f34271b8d83755ff18124d69411a36997f96786ab40f78724c4de45c0276c
                                                          • Instruction ID: 12cf3be7a108dea2ea98ebd1efe76e5261904a6afa32a459dcd93c37812268e2
                                                          • Opcode Fuzzy Hash: 243f34271b8d83755ff18124d69411a36997f96786ab40f78724c4de45c0276c
                                                          • Instruction Fuzzy Hash: 8A01D675600208AFCB209FB5FD48A6E7BB8FB49724F44522AF815E7254EB309950CB60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                                          • API String ID: 4218353326-3992632484
                                                          • Opcode ID: 7629a106f86705fe7ddce6dac267f68f724fac2ab8d32dc3095cadec079eaa1a
                                                          • Instruction ID: 2d735040daabfdba5fa7255f694f662cfa0d11e4719cda37b2ae479139e91d63
                                                          • Opcode Fuzzy Hash: 7629a106f86705fe7ddce6dac267f68f724fac2ab8d32dc3095cadec079eaa1a
                                                          • Instruction Fuzzy Hash: DD416572F0036617EB285A11EC45BBA7328BBE5348F585239ED44F6281EB708A45C2D2
                                                          APIs
                                                          • audio_format_print.GETSCREEN-456311346-X86(?,?,?), ref: 014D4A72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_print
                                                          • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                                          • API String ID: 2744001552-3527835062
                                                          • Opcode ID: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction ID: 85c388d00a52159265b6a4502500ad0534b996baa0bc40fd6380bd28806934e5
                                                          • Opcode Fuzzy Hash: 2409f8c0966bfc65bf32eb4b8c807f90c792909cc67defaae08163f67d965dac
                                                          • Instruction Fuzzy Hash: 12110A7274031737EE15AE5B5C45FBF2B9CBF71A60F44000FF91476690E6B5D60182A6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: audin$rdpsnd
                                                          • API String ID: 0-930729200
                                                          • Opcode ID: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction ID: 16112ad4c557c6162b71869dd7edc0329d68ead6feb3d61a3084642416ff1639
                                                          • Opcode Fuzzy Hash: 8526ed866b00b97359503a2e0a2c018125addf1c4233c84401857a9f73a6bec9
                                                          • Instruction Fuzzy Hash: 51119031A00A56AFFB25CF79C88069BF7A4BB04B42F14822FE15856250D7706591CBD1
                                                          APIs
                                                          • _strlen.LIBCMT ref: 0140403A
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01404060
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01404076
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: File$CreatePointer_strlen
                                                          • String ID: %s %hu %s %s %s
                                                          • API String ID: 4211031630-2916857029
                                                          • Opcode ID: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction ID: beccf4959724a546bf87bcd6c2e1356ebf50b84683777d6b698eb897f7b34dd5
                                                          • Opcode Fuzzy Hash: 0f21191b1a5bffb58ac269c527e2d7e17038fecd513a243800543f875e4a25cd
                                                          • Instruction Fuzzy Hash: 4001A235201120BBDB212A67DC4EEA77F69EF46774F188169FA189D0E2D732C812D7B0
                                                          APIs
                                                          • audio_format_get_tag_string.GETSCREEN-456311346-X86(?,?,?,?,?,?,?,?), ref: 014D4737
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 014D4748
                                                          • audio_format_print, xrefs: 014D4743
                                                          • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 014D473E
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: audio_format_get_tag_string
                                                          • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                                          • API String ID: 2866491501-3564663344
                                                          • Opcode ID: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction ID: 161ee4494b94c1e77d5c3c3900d8dc17b310c824fac2691c47a341085ddaf7c1
                                                          • Opcode Fuzzy Hash: 9f0e1113347424a3c5a3b16a3583c4723ba32845a9a0b716a9dd642740e4db35
                                                          • Instruction Fuzzy Hash: 94F090B5140309BAEB041F42CC05E3637AEFB28A14F24804EFD5C9C0A1E67BD9A2E320
                                                          APIs
                                                          • freerdp_get_last_error.GETSCREEN-456311346-X86(?), ref: 013C2725
                                                          • freerdp_set_last_error_ex.GETSCREEN-456311346-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 013C2745
                                                          Strings
                                                          • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013C2734
                                                          • freerdp_abort_connect, xrefs: 013C2739
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                                          • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                                          • API String ID: 3690923134-629580617
                                                          • Opcode ID: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction ID: c0b16ded859ca7d7ce3d73cc53bf3acae8a7141d436e2b5c118c4185798bf7b9
                                                          • Opcode Fuzzy Hash: c38413d95935334a82e2a979f28e40316f98672cf8ed5ef01883af3724f4ef62
                                                          • Instruction Fuzzy Hash: 70E04835240215EEEA317D29EC42B56B794BF10F98F14442DE5C47A452E7615D509780
                                                          APIs
                                                          • primitives_get.GETSCREEN-456311346-X86 ref: 014D633F
                                                          • primitives_flags.GETSCREEN-456311346-X86(00000000), ref: 014D6353
                                                          • TpWaitForWork.NTDLL(00000000,00000000), ref: 014D64A9
                                                          • TpReleaseWork.NTDLL(00000000), ref: 014D64B2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                                          • String ID:
                                                          • API String ID: 704174238-0
                                                          • Opcode ID: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction ID: d8b8e72589722bc6c0b0ae1b2c459890f7e5656f7506fcf5d3af664fbbc2dcaf
                                                          • Opcode Fuzzy Hash: 3ed38785020e4f42a9ebae45f235c30e670755e173176719b7a80c5b6f5d9577
                                                          • Instruction Fuzzy Hash: 196149B5A0020ADFCB04CF68C9919AEBBF5FF58310B15816AE919EB360D730E951CF90
                                                          APIs
                                                          • gdi_SetRgn.GETSCREEN-456311346-X86(?,?,?,?,00000000,00000001,?,?), ref: 0142C324
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: gdi_
                                                          • String ID:
                                                          • API String ID: 2273374161-0
                                                          • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction ID: 55e7c15743db970b6f1594ef9ca06db43b769c35a2014fd0f1afc2cf39ee8575
                                                          • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                                          • Instruction Fuzzy Hash: F331ED71900219EFDB10DF99C98499EBBF9FF58210F54846AE905E7220D335EA85CFA0
                                                          APIs
                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 01455C16
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C34
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C54
                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 01455C9A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$Leave$Enter
                                                          • String ID:
                                                          • API String ID: 2978645861-0
                                                          • Opcode ID: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction ID: c0cb211ec5c19cbb94f36a38594878d4d6824cf48030376a1d3a49bec5ffb886
                                                          • Opcode Fuzzy Hash: 15dbb0a6cc46870c6448d3d650ca677825dc2ee365ddc63afed0c9d0cdc7f8dd
                                                          • Instruction Fuzzy Hash: F021AF31500605EFDB228F18C984A7A7BF4FF45361F15466EE982EB362D770B941CB50
                                                          APIs
                                                          • region16_rects.GETSCREEN-456311346-X86(?,00000000), ref: 01429BDC
                                                          • region16_extents.GETSCREEN-456311346-X86(?), ref: 01429BEC
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429BF7
                                                            • Part of subcall function 014297FD: rectangles_intersection.GETSCREEN-456311346-X86(?,?,?), ref: 0142980C
                                                          • rectangles_intersects.GETSCREEN-456311346-X86(00000000,?), ref: 01429C1A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                                          • String ID:
                                                          • API String ID: 3854534691-0
                                                          • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction ID: 773cd055153f210c908286622c1653d18028a9ee15c7d73233f819f5d7e4e4ae
                                                          • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                                          • Instruction Fuzzy Hash: F501C83351423959AB359A5BD48067BE7DCDF50578F94401FE91897160E735ECC1C1A8
                                                          APIs
                                                          • freerdp_new.GETSCREEN-456311346-X86 ref: 01441F56
                                                          • freerdp_context_new.GETSCREEN-456311346-X86(00000000,00000000,?,?), ref: 01441FA4
                                                          • freerdp_register_addin_provider.GETSCREEN-456311346-X86(?,00000000), ref: 01441FC7
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                                          • String ID:
                                                          • API String ID: 3731710698-0
                                                          • Opcode ID: 929c6a7b2b409f3a8bcea57ddb17fda4b11360776ec2fce96368434208e7f577
                                                          • Instruction ID: 5c725d1c3c3cafbb9f6b61a652bf36691b517c4804df82ada2ffced74ca21d3e
                                                          • Opcode Fuzzy Hash: 929c6a7b2b409f3a8bcea57ddb17fda4b11360776ec2fce96368434208e7f577
                                                          • Instruction Fuzzy Hash: 2D11A331604B036BF725AF6AD810B97BBA9BFB0A20F10441FE55987360EB71F491C790
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: __aligned_free
                                                          • String ID:
                                                          • API String ID: 733272558-0
                                                          • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction ID: d390ab688f61d6956ce9ce6f1729c7c2aea98ecec28d58053cbda9b5b36fcda5
                                                          • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                                          • Instruction Fuzzy Hash: EBE04F31401B157FCE717B66CD4099BBB99BF38605705041AF54657630C671A8519BF0
                                                          APIs
                                                          • freerdp_settings_free.GETSCREEN-456311346-X86(00000000), ref: 013D7326
                                                            • Part of subcall function 013D7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 013D7FCC
                                                            • Part of subcall function 013D7F9B: freerdp_settings_set_string.GETSCREEN-456311346-X86(?,00000680,?), ref: 013D7FFC
                                                          • freerdp_settings_set_string.GETSCREEN-456311346-X86(00000000,00000086,?), ref: 013D6D8C
                                                          Strings
                                                          • C:\Windows\System32\mstscax.dll, xrefs: 013D6F3F
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                                          • String ID: C:\Windows\System32\mstscax.dll
                                                          • API String ID: 2334115954-183970058
                                                          • Opcode ID: 6e8571f8a11e5ce580e180c7e569d682c8d5979f882fbd231229c80a1dd4186c
                                                          • Instruction ID: b030047c6548788dc1a4a47491d976e5ff148eebe76f0b33012df90c83632212
                                                          • Opcode Fuzzy Hash: 6e8571f8a11e5ce580e180c7e569d682c8d5979f882fbd231229c80a1dd4186c
                                                          • Instruction Fuzzy Hash: 40E1D8B1504F009EE324DF39D885B93BBE4FF18315F51592EE5AE8B390DBB1A5808B48
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: Rectgdi_
                                                          • String ID:
                                                          • API String ID: 2404991910-3916222277
                                                          • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction ID: 05c2b5a8f4b20ddf0fdaa026479162dc29bc881a85a1e13355e10600904ed777
                                                          • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                                          • Instruction Fuzzy Hash: 1051D27340015ABBDF02DE94CD50DEB7BAEBF18244F49425AFF1991120E732E5A1ABA1
                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01456A0A,?,?,00000000,?,0144E976,00000000), ref: 0145697B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpin
                                                          • String ID: %s: unknown handler type %u$WLog_Appender_New
                                                          • API String ID: 2593887523-3466059274
                                                          • Opcode ID: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction ID: 976f1f4ccb865136b0407b6e0bc430ac84fc18e5028f865319658ab03eea2c06
                                                          • Opcode Fuzzy Hash: 79078ed7b703a6d1b333c5b6fa80ffae2d1e83e0c234fee6d7bfe6da8d797fcc
                                                          • Instruction Fuzzy Hash: 8E11293254820266A7E2797E9C44DFFAB78AB72931B86001FFD05A6277DA30D50251A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s%s-client.%s$DeviceServiceEntry
                                                          • API String ID: 0-2733899524
                                                          • Opcode ID: 9454d507b2e1ba8f77c30343cea953d9d25c146e1b65d767fba7296c9ef998da
                                                          • Instruction ID: 6e5ef91eacafc54b7a4ac56979313972ee4f1b40f7b63b915f39234d23fdb391
                                                          • Opcode Fuzzy Hash: 9454d507b2e1ba8f77c30343cea953d9d25c146e1b65d767fba7296c9ef998da
                                                          • Instruction Fuzzy Hash: 96119476A002196BFB109E9DD891AAF7BACEF90E58F04401EFE14D7241D771DD018B90
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0144E987), ref: 0144EBF6
                                                          • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0144E987), ref: 0144EC1A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WLOG_FILTER
                                                          • API String ID: 1431749950-2006202657
                                                          • Opcode ID: ca6e9a3c39b4d7ac52fbbcdac1135a8978300e65019ff3b20bfaabec1022b9bf
                                                          • Instruction ID: 287ff849e0c374cc8285728efe15254890b270e8d7ff4a950cbaaea4f808f645
                                                          • Opcode Fuzzy Hash: ca6e9a3c39b4d7ac52fbbcdac1135a8978300e65019ff3b20bfaabec1022b9bf
                                                          • Instruction Fuzzy Hash: 2EF0F633315215AB623127A6BD58C2F7FADFAB56B8391002FF108DB114EE795C4187A4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: .msrcIncident$.rdp
                                                          • API String ID: 4218353326-1437571178
                                                          • Opcode ID: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction ID: 132b22955483b85170a4ec431e496c3a01689fda3c9ec9b5dee8cdee9c6622f8
                                                          • Opcode Fuzzy Hash: 24ebb44851ed494b509a232d2c7b577b7bec231a94b26e227777be6cdd56e4b5
                                                          • Instruction Fuzzy Hash: 31F0AC32A00E07ABB92499BADC8182B3344EB11030350072FE43FD32F0DE30D41081E8
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BCC
                                                          • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01454AE3), ref: 01454BEC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: WINPR_NATIVE_SSPI
                                                          • API String ID: 1431749950-1020623567
                                                          • Opcode ID: dde8feafc35c984f39dccd3aa6264ca9815031359dd468b397c9598efe073b9b
                                                          • Instruction ID: 4683b2a50dab0c30a72a937a1a2751a4fe08a81c4556acb0b46c62e34f9b860b
                                                          • Opcode Fuzzy Hash: dde8feafc35c984f39dccd3aa6264ca9815031359dd468b397c9598efe073b9b
                                                          • Instruction Fuzzy Hash: 19F0973329503326E336206A2C04F2F1EB8DBE6E20B1A012FFA01DF196E930888341E0
                                                          APIs
                                                          • rfx_context_new.GETSCREEN-456311346-X86(?), ref: 0141A2ED
                                                            • Part of subcall function 0140E4DD: GetVersionExA.KERNEL32(?), ref: 0140E5CD
                                                            • Part of subcall function 0140E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0140E5E7
                                                            • Part of subcall function 0140E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0140E612
                                                          • progressive_context_free.GETSCREEN-456311346-X86(00000000), ref: 0141A36D
                                                          Strings
                                                          • com.freerdp.codec.progressive, xrefs: 0141A2CA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                                          • String ID: com.freerdp.codec.progressive
                                                          • API String ID: 2699998398-3622116780
                                                          • Opcode ID: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction ID: 011b772be4558eeb78f6c842d0979b5e4d7887e4e5768a2242a64eedf6ab6b74
                                                          • Opcode Fuzzy Hash: 8183f282621f5dc986eac2dbf31f35cf750c347f47c13e5f6c81adfbbcf1b2a7
                                                          • Instruction Fuzzy Hash: 4CF0E03290574716F320ABB79800F5B7BD8DF62A70F24002FF608AB690D97090018261
                                                          APIs
                                                          • freerdp_settings_get_key_for_name.GETSCREEN-456311346-X86(?), ref: 01401EEF
                                                          • freerdp_settings_get_type_for_key.GETSCREEN-456311346-X86(00000000), ref: 01401F51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                                          • String ID: TRUE
                                                          • API String ID: 1888880752-3412697401
                                                          • Opcode ID: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction ID: 56f00d5761294fbc7d62868ca37dee162e912d5387d95042310b29607255ae24
                                                          • Opcode Fuzzy Hash: ad53e2466b9c5486c6fe43957c4197ba74c2546cac6e31873634d7d24be43712
                                                          • Instruction Fuzzy Hash: 26E0E5323102156F9A13AAAFDC85D9B365CEB65EA5B01003FF604AB2A0EBB1D90046A0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: 9e81cd646c7cfc988757d80ee78ee6f6e38a485ec656fe2b57ce89f32702a979
                                                          • Instruction ID: 985bc315e6438b40f04672239e98dcdd7e441675662f96ec3f4b2644ac354f36
                                                          • Opcode Fuzzy Hash: 9e81cd646c7cfc988757d80ee78ee6f6e38a485ec656fe2b57ce89f32702a979
                                                          • Instruction Fuzzy Hash: C6F0E2B140020A7BDB212FA78C80D9B7B5CFF34264B45002AFD0856331E736D921D6E0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: _strlen
                                                          • String ID: %s:%s
                                                          • API String ID: 4218353326-3196766268
                                                          • Opcode ID: c76109cfdd6332d44690d365b2a6ba9655437a1f553383844d3cff3fe35d8875
                                                          • Instruction ID: a89c5ab91ae47667e79c2886accbb2ad6d7ba96d9c2fa98e2c65cfda3f62e961
                                                          • Opcode Fuzzy Hash: c76109cfdd6332d44690d365b2a6ba9655437a1f553383844d3cff3fe35d8875
                                                          • Instruction Fuzzy Hash: 8AF0BEB140020A7BDB216EA68D80D9B3A9DEF34254B46013AFD0452331E635D82196E0
                                                          APIs
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01457163), ref: 01457190
                                                          • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01457163), ref: 014571B1
                                                            • Part of subcall function 01457310: LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                            • Part of subcall function 01457310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                                          • String ID: WTSAPI_LIBRARY
                                                          • API String ID: 3590464466-1122459656
                                                          • Opcode ID: bcf8be3bb90d1712b8ee312c0900da601dd500ca4613340c073959b007b79f2b
                                                          • Instruction ID: 619c6b60c873ef31a8003b60a6ff83a1cfd59231369cb5b06cb2f3d5fa843b1f
                                                          • Opcode Fuzzy Hash: bcf8be3bb90d1712b8ee312c0900da601dd500ca4613340c073959b007b79f2b
                                                          • Instruction Fuzzy Hash: 8BE0EC3114112325D33221596C09F5F3F1D9BD1A7AF90002EF8009E3969A3014018195
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(?,?,014571C4,00000000,?,?,01457163), ref: 01457316
                                                          • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0145732B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryLoadProc
                                                          • String ID: InitWtsApi
                                                          • API String ID: 2574300362-3428673357
                                                          • Opcode ID: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction ID: 22224ac01f62bdb0634ecf00f62373b57a2702e67cd2deb54750fd4c0b426045
                                                          • Opcode Fuzzy Hash: 0fe9f4892e8a63aad19aeb460c3ac631821de9941ce7c0a047f553e97e7c24ec
                                                          • Instruction Fuzzy Hash: 07D02B316903059B9F159FF6EC0A4173FDDE7805613088432AC1CC5253EF30D010C760
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,014AB650,01600388,0000000C), ref: 014BF430
                                                          • SetLastError.KERNEL32(00000000), ref: 014BF4D2
                                                          • GetLastError.KERNEL32(00000000,?,014A5FDD,014BF0E3,?,?,0144F77A,0000000C,?,?,?,?,013C27D2,?,?,?), ref: 014BF581
                                                          • SetLastError.KERNEL32(00000000,00000006), ref: 014BF623
                                                            • Part of subcall function 014BF066: HeapFree.KERNEL32(00000000,00000000,?,014A5F2D,?,?,?,0144FA9A,?,?,?,?,?,013C293F,?,?), ref: 014BF07C
                                                            • Part of subcall function 014BF066: GetLastError.KERNEL32(?,?,014A5F2D,?,?,?,0144FA9A,?,?,?,?,?,013C293F,?,?), ref: 014BF087
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1830413881.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_de0000_getscreen-456311346-x86.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$FreeHeap
                                                          • String ID:
                                                          • API String ID: 3197834085-0
                                                          • Opcode ID: b21d70339e5884cec6742d5e2f5286c4ef955fcb22b1ba8d786390f09fb51398
                                                          • Instruction ID: 1a9b517fead17e46c23e020368a9b6a55bd52463269dbd80160fa847c1e7dab0
                                                          • Opcode Fuzzy Hash: b21d70339e5884cec6742d5e2f5286c4ef955fcb22b1ba8d786390f09fb51398
                                                          • Instruction Fuzzy Hash: 0A412D796053126ED7213A7DACC4DAB364C9F75A71B19023BF618D62F2DF38891A8230